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NOT ADVANCING 


Heavy IT workloads and a lack of management 
support hold up advanced storage projects. PAGE 4 
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Chances are it’s just a matter 
of time before your company 
suffers asecurity breach. 

Do you know how you'll 
respond? You'd better! 
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IT Consolidates BI Tools As Use Expands 


Companies look to 
streamline support, 
improv e ease of use _ of use 


BY HEATHER HAVENSTEIN 
SCOTTSDALE, ARIZ 

As companies look to extend 
business intelligence capabili- 
ties to growing numbers of 
end users, IT operations are 
consolidating multiple BI tool 


sets and forging closer ties 
with business units. 
Attendees at last week’s 
| Computerworld Business In- 
telligence Perspectives con- 
ference here said tool consoli- 
dation should make BI tools 
easier to use and reduce IT 
support requirements. 
For example, Carlson Hos- 
pitality Worldwide is replac- 
ing six reporting and analysis 


LebecEDealeceelMMecccbberceldeleleclalecel ladle! 
#BXBBIF TeoeeeeeeeeAUTORES-DIGIT 48103 


#0576350/CB/6% CW200540 982 


SHERI MARION 
PROQUEST 

MS 88 

308 N ZEEB RD 


16714 
85 


ANN ARBOR MI 48183-1553 





tools and standardizing on 


| Information Builders Inc.’s 
WebFocus software. An offi- 


cial at the hotel operator in 
Minnetonka, Minn., declined 
to identify the six products 
that are being replaced. 
Carlson will use WebFocus 


for reporting and to deliver 


business scorecard applica- 
tions, which monitor adher- 
ence to corporate goals, to 
each of its 870 hotels. 

BI Tools, page 14 
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Help IT Execs 
Fine-tune Plans 


Among lessons from first year of compliance: 
Assign 1dedicated staffers, test controls ¢ ce ntrally 


BY THOMAS HOFFMAN 
BALTIMORE 


Executives who over- 
saw the first round of 


| Sarbanes-Oxley Act 


compliance for their 
companies said last 
week that in hindsight, 
they likely would have done 
things a bit differently. 

The changes they would 


| make include better educating 


workers about the steps that 
need to be taken, assigning 
dedicated staffers to assess 
and monitor critical controls, 
and automating a greater por- 
tion of repairs to deficient IT 


Palm’s Embrace 


controls, said attendees 
at the Sarbanes-Oxley 
Conference & Exhibi- 
tion here. 

Neil Frieser, vice 
president of internal 
controls at Viacom Inc. 
in New York, said his 


| early experiences taught him 
| that “you want to start the 


process early, to educate as 
many people as possible.” 
Frieser said Viacom con- 
ducted a staggering 19,600 
tests on 1,560 business con- 
trols and 540 IT controls last 


| year to meet Section 404 of 


Sarb-Ox, page 50 


of Windows for 


Treo Clouds Future of Palm OS 


IT managers want to 
avoid mixed rollouts 
of mobile devices 
BY MATT HAMBLEN 
When Palm Inc. announced 
last week a Treo smart phone 
that will run Windows Mo- 
bile, it provoked a debate 
among IT managers over 
whether Microsoft Corp.’s 
operating system or Palm OS 
is the better choice for users. 
But 10 IT managers inter- 
viewed after the announce- 
ment agreed on one thing: 





They would prefer to deploy 
a single mobile operating sys- 
tem to help simplify support. 

“Fundamentally, I’m not a 
Microsoft hater, and I might 
want Windows Mobile in 
five years,” said Bruce Hagen, 
vice president of corporate 
information systems at Bemis 
Manufacturing Co. in She- 
boygan Falls, Wis. “[But] we 
want to have one OS to sup- 
port. There are too many 
support issues with one, let 
alone [two].” 

About 50 end users at Be- 

Palm OS, page 50 












As Patti observed the new Canon Color-enabled inageRUNNER, 
her new mantra became, “black-and-white and occasional 


color printing is now affordable.” 


Patti’s company isn’t doing business as usual. What about your company? 
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Canon 
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The new Canon imageRUNNER solutions and support addressed 
Don’s concerns about seamless network integration, secured printing 


and managing network devices. Hence, Don’s no longer concerned. 


Don’s company isn’t doing business as usual. What about your company? 
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People told Columbus 


the world was flat. 
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Data Center Gets Star Treatment 

In the Technology section: Moving to new digs, 
Lucasfilm seized a once-in-a-lifetime opportunity 
to rebuild its data center and networks from the 


bottom up, says CTO Cliff Plumer (right). 


Page 23 
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Connected or Addicted? 


In the Management section: Paul Glen sees 
a pathological need for connectedness in 


managers who can’t stand to miss a call 
on their cell phones or an e-mail on their 
BlackBerries. Page 46 
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Storage projects are stifled 
by a lack of time and manage- 
ment support. 


Q&A: Michael Feinberg, CTO 
of HP’s StorageWorks unit, re- 
assures users that storage is 
“top of mind” for the vendor. 


HP e3000 users continue 
their fight to gain ownership 
of MPE source code, but fund- 
ing issues are hindering them. 


SAP, Oracle plug their latest 
middleware while taking 
shots at each other’s offerings. 


Fallout from data breaches 
can be minimized with effec- 
tive communication, a new 
survey says. 


Microsoft, Symantec ship 
continuous data protection 
products that can back up in- 
cremental copies of files to lo- 
cal servers and restore them 
in seconds. 


An internal Novell server is 
hacked into and used to scan 
for vulnerable ports on sys- 
tems worldwide. 


Global Dispatches: Microsoft 
will double the workforce at 
its Indian units. 


Supporters of a higher H-1B 
cap push Congress to loosen 
immigration restrictions. 


Use of business intelligence 
tools spreads to the front 
lines. 


PanGo updates its asset- 
tracking software. 


TECHNOLOGY 


: 31 Geek's Garden. A new comput- 


er algorithm can speed up 
genome sequencing; MIT cre- 
ates maps in an Austrian city 
using cell phone data; and we 
profile Konrad Zuse, who cre- 
ated the first programmable 
computer commercially sold. 


34 QuickStudy: Podcasting. This 


method for publishing audio 
broadcasts via the Internet al- 
lows users to subscribe to an 
automatic feed of files that can 
be downloaded to portable 
music players or PCs. 


35 Security Manager’s Journal: 


Playing Nice With Physical 
Security. You must tread with 
care when it’s necessary to 
cross the line between the de- 
partments handling physical 
and information security, says 
Mathias Thurman. 


MANAGEMENT 





: 39 Data Scandal. It may not be a 


case of whether but when 
your company will experience 
a data security breach. Do you 
know how you're going to re- 
spond? You'd better. 


“What We Have Here Is an 

IT Problem. . .” Is there any 
way to end the finger-pointing 
between IT and business? IT 
professionals Jennifer and 
Doug Pfaff look at why it’s 
often so hard to get along. 


: 44 Interns 201. Now’s the time 


to upgrade your student in- 
tern program so it delivers 
more value for both sides the 
next time around. 
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_ OPINIONS 


On the Mark: Mark Hall talks 
to the executive director of 
the newly formed Technology 
Professional Services Associ- 
ation, who cautions against 
vendors that are more inter- 
ested in selling you widgets 
than in helping you solve your 
overall IT issues. 


Don Tennant views the IT in- 
dustry as unique, but he still 
thinks there are parallels with 
other industries that can yield 
valuable insights into the mat- 
uration of high tech. 


Michael Gartenberg got a 
peek at the new Windows Mo- 
bile 5.0 and sees three trends 
that should make Microsoft a 
major player in mobility. 


36 Mark Willoughby thinks re- 


mote attestation deprives hu- 
mans of the right to choose if, 
and how, they want to obey 
the law. 


52 Frankly Speaking: Frank 


Hayes takes a look at a new 
IBM consulting offering 

that aims to help companies 
decide what skills to replace 
as baby boomer IT profes- 
sionals prepare to retire. 

But he thinks you can capture 
their critical knowledge on 
your own with in-depth 
debriefings. 
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From Adversity to Advantage 
DEVELOPMENT: See how six project manage- 
ment steps can help your IT department 
manage risks and boost the company’s 


business performance. @ QuickLink 57178 
Securing Your Macs 


MACINTOSH: Securing a workstation means 
protecting user files and folders, application 
folders and operating system components, 
says columnist Ryan Faas. The goal is not 
only to safeguard user data but also to ensure 
that any information about your network at 
large is safe. @ QuickLink 57140 


Ina Pinch, Networked-Attached 
Storage Gateway Fits the Bill 


STORAGE: Finding itself between SANs, one 
company filled the gap with an ONStor sys- 
tem and positioned itself for tiered storage. 


© QuickLink a7140 
AFresh Approach to IP Protection 


IT MANAGEMENT: Attorney John Gliedman 
discusses a case in which a licensor placed a 
dollar value on a future breach of its intellec- 


tual property rights. © QuickLink 56950 
Mobile Trends 


WEBCAST: Get up to speed on the latest 
trends in mobile and wireless technology 
and learn how they're transforming the way 
five vertical industries do business. This 
webcast includes a quick primer on Wi-Fi, 
WiMax, RFID and 3G. © QuickLink 25830 
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GAO: FAA Lacks IT 
Security Controls 


The Federal Aviation Administra- 
tion lacks IT network security con- 
trols and in some cases hasn't in- 
stalled software patches that are 
several years old, according to a 
Government Accountability Office 
report. These and other FAA IT 
problems could “lead to disruption 
in aviation operations,” the report 
said. The FAA downplayed the 
findings but said it will consider 
the GAO’s recommendations. 


BEA Buys Eclipse 
Tool Maker M7 


BEA Systems Inc. has acquired 
M7 Corp., a maker of develop- 
ment tools based on the Eclipse 
open-source framework, for an 
undisclosed sum. BEA said it can 
now deliver a “blended” product 
line that combines open-source 
and proprietary technologies. BEA 
joined the Eclipse Foundation in 
March after long ignoring the de- 
velopment standard. 


GE Healthcare To 
Pay $1.2B for IDX 


U.K.-based GE Healthcare, a unit 
of General Electric Co., has 
agreed to buy health care IT 
provider IDX Systems Corp. for 
about $1.2 billion in cash. The 
combined company will offer 
suites of clinical, imaging and ad- 
ministrative information systems, 
GE said. The transaction is ex- 
pected to close early next year. 


UGA Employee 
Data Compromised 
About 1,600 current and former 
employees of the University of 
Georgia are being notified that 
their Social Security numbers, 
stored on a campus server, may 
have been seen by a hacker oper- 
ating from a foreign country. The 
Athens-based school said the 
breach was discovered Sept. 19 
and that the intrusion was 
stopped. No credit card informa- 
tion was accessed, officials said. 





NEWS 


Lack of Support, Time 
Slow Storage Projects 


IT managers say hurdles are too high 





|; BY LUCAS MEARIAN 


NEW YORK 


NFORMATION technology 
managers want the bene- 
fits of new storage tech- 
nologies, but several in- 
terviewed at the Storage Deci- 
sions conference here last 
week said a lack of time and 
management support for 
such projects are stifling 
those aspirations. 

Some users said they 
haven't even had the time or 
support needed to create a 
cost-benefit model for storage 
resource management and 
tiered storage management 
projects. 

“My problem is we’re too 
busy. Every year, we put stor- 
age resource management on 
the budget, and every year, it 
just falls off,” said Edwin Als- 
berg, director of IT operations 
at The Depository Trust & 
Clearing Corp. in New York. 

John Strano, manager of ca- 
pacity and performance man- 
agement at Pfizer Inc. in New 
York, said IT managers in gen- 
eral don’t have time to deploy 
sophisticated data manage- 
ment tools, “let alone get the 
value out of them.” 

Strano said he has devel- 
oped a plan for a tiered stor- 
age infrastructure with six lev- 
els ranging from high-end pri- 
mary to secondary storage to 
network-attached storage. But 
Strano said that so far, he has 
deployed only three levels be- 
cause he’s so busy. 


No Time to Model 


An impromptu electronic sur- 
vey of about 500 users at the 
conference by sponsor Tech- 
Target found that 66% don’t 
have time to put together a 
basic cost model or a data 
value model for an informa- 
tion life-cycle management 
project. Twenty-eight percent 
said they can’t build out a 
tiered storage cost model, and 
only 8% have completed work 





on an ILM strategy. In another 
conference survey, 69% of the 
respondents said they receive 
some executive support but no 
ongoing support for projects, 
22% said they receive no man- 
agement support, and 9% said 
they get all the management 
support they need. 

Richard Scannell, vice presi- 
dent of corporate develop- 
ment at GlassHouse Technolo- 
gies Inc., a consulting firm in 
Framingham, Mass., said IT 
officials may have more suc- 
cess in gaining management 
backing for projects when pro- 
posals detail probable effects 
on the business. 





Craig Taylor, associate di- 
rector of open systems at 
Chicago Mercantile Exchange 
Holdings Inc., said he did gain 
management support as his 
unit built out a five-tier stor- 
age infrastructure that has 
eliminated regular daily back- 
ups to tape and greatly re- 
duced power consumption in 
his data center. Taylor said IT 
should provide management 
with simple lines of reasoning 
for supporting projects. “Look 
at it from the application level 
— e-mail, regulatory reports, 
Word documents,” he said. 

The archival tier of the ex- 
change’s storage infrastruc- 
ture is made up of a relatively 
inexpensive ATA array from 
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My problem 


% 9 is we're too 


busy. Every year, 
we put storage 
resource manage- 
ment on the budget, 
and every year, it 
just falls off. 


EDWIN ALSBERG, DIRECTOR OF IT 
OPERATIONS, THE DEPOSITORY TRUST 
& CLEARING CORP. 


Copan Systems Inc. in Long- 
mont, Colo., that stores 228TB 
in a 10-square-foot area, free- 
ing up space in the data center 
and using far less electricity 
than a traditional midtier disk 
array or a tape silo. 

The new array has in- 
creased backup and restore 
rates by 228% compared with 
the exchange’s old tape silo, 


Taylor said. @ 57198 


StorageWorks CTO Says Storage Still ‘Top of Mind’ at HP 


NEW YORK 

Michael Feinberg, chief tech- 
nology officer at Hewlett-Pack- 
ard Co.'s StorageWorks division, 
must ensure that HP’s 

storage push moves 

along as it cuts costs 

through layoffs [QuickLink 
55737] and faces life under new 
CEO Mark Hurd, who was hired 
in March to replace Carly Fiorina. 
Feinberg discussed HP's storage 
plans with Computerworld at the 
Storage Decisions conference 
here last week. 


Has HP’s StorageWorks been 
affected by the change of 
CEOs? Storage is top of mind at 
HP. The interesting questions 
roaming around last year were, 
“Was HP committed to storage? 
Who are they? And what do they 
want to be when they grow up?” 
Mark Hurd reconfirmed our com- 
mitment to storage. . . . Mark 
Hurd’s committed to storage. 
We're committed to storage. 


Did the announcement of 
14,500 layoffs over six quar- 
ters and the change of com- 
mand hurt morale in your op- 


eration? | think when you have 
downturns in business, and 
they're reflected in the price of 
shares, and that’s reported in the 
press, that really impacts 
morale. We're seeing the 
success of our products in 
the marketplace, and we're 
seeing our stock go up. | think 
the morale is positive. 


How would you compare 
Hurd’s style of leadership 
with Fiorina’s? | don’t want to 
comment on that. | would just say 
in all fairness to all people that the 
focus on storage has always been 
there. Mark has re-engaged and 
reinvigorated that focus. 


HP has agreed to acquire 
ApplQ [QuickLink 56945], 
whose products work with 
multivendor storage systems. 
Once you own ApplQ, do you 
expect that users will view its 
products as proprietary tech- 
nology? Look at the base tech- 
nology. It’s all about heterogene- 
ity. Even if we wanted to say it's 
all about HP-UX and our XP 
servers, let's be practical. That's 
not the design point or the goal 


: of the product. Heterogenous 


management is critical to our 
customers. As much as we'd 
love to be the only technology 

in any environment, it's a hetero- 


- genous world out there. 


Will HP continue to push 
ApplQ’s proposal to make its 
Storage Management Inter- 
face Specification an indus- 
try standard? AppiQ is still an 
external company, so | can’t 
comment on how AppiQ wants 
to do it. We're very committed to 
standards. We're very collabora- 
tive on standards, and we're go- 
ing to continue that process. 


IBM, Microsoft and Symantec 
recently came out with con- 
tinuous data protection prod- 
ucts [see story, page 10]. 
What’s your CDP plan? We 
believe data protection is ripe for 
change. There's a lot of capabili- 
ties now that didn’t exist before 
that transform how people do 


: data protection. We're taking 
: that next step with CDP prod- 
: ucts with [HP's Data Protection 


Storage Servers]. 
~- Lucas Mearian 
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HP User Group’s Bid for Operating 
System Faces Funding Dilemma 


OpenMPE.org says it would need 
$1.5M to start, $IM a year after that 





BY PATRICK THIBODEAU 
Hewlett-Packard Co.’s deci- 
sion to drop its HP e3000 sys- 
tem was unpopular with users, 
who are fighting back with a 
plan to keep the midrange 
line’s MPE operating system 
source code alive so they can 
continue running the e3000 
beyond December 2006, HP’s 
end-of-support date. 

But OpenMPE Inc., the 
group formed four years ago 
by e3000 users to gain access 
to the source code in order to 
provide ongoing support and 
patches, may face the classic 
chicken-and-egg problem. 

OpenMPE would need 
about $1.5 million in user fees 
to provide support for the op- 
erating system in its first year 
and $1 million annually in sub- 
sequent years. But users aren’t 
likely to commit to paying fees 
until HP decides the fate of 
the source code, which it’s 
scheduled to do by year’s end. 

If HP releases the code 
to OpenMPE, “it would en- 
able us to go to the people 
we need to go to and actually 
have something to talk about,” 
said John Wolff, vice chairman 
of the Hagerstown, Md.-based 
organization. Wolff, CIO at 
Los Angeles-based Laaco Ltd., 
which operates self-storage 
facilities and private clubs, 
said he’s concerned that HP 
will tie its decision about the 
code to OpenMPE’s ability to 
raise money. 


‘Not a Priority’ 

But David Wilde, HP’s e3000 
business manager, said in a 
written response to questions 
that OpenMPE’s fundraising 
progress “is not a primary 
consideration in our decision- 
making process.” He added 
that HP officials “are looking 
at a variety of options, includ- 
ing access to source code by 
one or more partners other 
than OpenMPE.” 








OpenMPE officials believe 
that access to the MPE source 
code, as well as the ability to 
change it and develop patches, 
will be critical to users who 
plan to continue using their 
e3000s after HP support ends. 

Birket Foster, OpenMPE’s 
president and head of MB Fos- 
ter Associates Ltd., a consult- 
ing firm in Chesterville, On- 
tario, estimated that about 
2,000 companies will still be 
using e3000 systems after sup- 
port ends. In some cases, mi- 
grations will take several years 





to complete, he said. 

But, Foster added, many 
firms that are migrating won’t 
be able to move all their data 
off the e3000 and will need 
continued access to the sys- 
tems to satisfy auditing and 
regulatory requirements. 


Support May Suffer 
Even if HP gives OpenMPE ac- 
cess to the source code, sup- 
port may suffer if the vendor 
limits the group’s ability to 
make changes and update the 
software. Foster said patch- 
level support is a minimum 
requirement for e3000 users. 
HP stopped selling the pro- 
prietary minicomputers two 


years ago. Wolff and others in- 
volved in OpenMPE said that 
releasing the operating sys- 
tem’s source code to the group 
would help the company im- 
prove its relations with the re- 
maining e3000 users. 

However, HP sent a note 
last month to certified MPE 
systems administrators notify- 
ing them that the certification 
was no longer recognized and 
that they no longer hold the 
title of “HP certified profes- 
sional.” 

That action drew an unhap- 
py response from Paul Ed- 
wards, a Carrollton, Texas- 
based consultant who, along 
with Ellicott City, Md.-based 
Alden Research Inc., recently 
reached an agreement with 
HP to provide ongoing MPE 
training. Edwards said the sit- 
uation is similar to a universi- 
ty telling graduates “that their 





Code Choices 


WHAT OPENMPE WANTS 
Access to the e3000 source code, with 
the ability to patch, update and rewrite 
the code as necessary. 


WHAT IT NEEDS 
$1.5 million to pay for initial engineering 
support, hardware setup and other 
first-year costs, and about $1 million 
in subsequent years 


HP’S OPTIONS 
License the source code to OpenMPE 
or to one or more third-party vendors, 
or take no action. It will announce a 
decision by year's end. 


degree is no longer valid.” 


Wilde said HP is “reinvesti- 
gating” the certification issue, 


|} but the company has no time- 


table for making a decision on 


the matter. @ 57203 








Hosted Services Tapped to 
Manage Data on Chemicals 


Manufacturers 
replace paper safety 
info sheets with 
online systems 


BY JAIKUMAR VIJAYAN 
An emerging class of hosted 
services is designed to make it 
easier for manufacturing com- 
panies to manage the material 
safety data sheets (MSDS) re- 
quired for each of the chemi- 
cals used in their products. 
Last week, 3E Co., a Carls- 
bad, Calif.-based provider of 
Web-based chemical manage- 
ment services, launched Ver- 
sion 2.0 of its 3E Online offer- 
ing. The upgraded service al- 
lows users to more quickly 
search for MSDS information 
across multiple sites, and it 
makes it easier for manufac- 
turers to verify their compli- 
ance with international stan- 
dards regulating the use of 
chemicals, according to 3E. 
Due to make a similar an- 
nouncement next week is Ac- 
tio Corp., a Hampton, N.H.- 
based application service 
provider that offers a portfo- 
lio of chemical management 





services. Enhancements to 
Actio’s MSDS Vault service 
include new features for han- 
dling preliminary screening of 
chemicals, inventory manage- 
ment and chemical tracking. 
“The primary return on 
such services is compliance 
assurance,” said Jeet Radia, 
assistant vice president in 


| charge of environmental is- 


sues at McWane Inc., a maker 
of cast-iron pipes and fittings 
in Birmingham, Ala. 


Regulatory Requirements 
Like other manufacturers, 
McWane is required to main- 
tain detailed MSDSs listing 
the physical attributes, toxici- 
ty and health effects of each of 
the chemicals used in its prod- 
ucts, as well as its procedures 
for disposing of them. 

The data is required under 
the Occupational Safety and 
Health Administration’s Haz- 
ardous Communication Stan- 
dard and is designed to give 
employees and emergency 
workers information on the 
proper handling of chemicals. 

Until recently, McWane 
maintained 10,000 MSDSs 





Online MSDS services: 


= Customers hand over a complete 
inventory of all the chemicals used 
in their products to their service 


« The associated data sheets are 
sometimes sourced directly from 
chemical makers by application 
service providers, which then man- 
age and maintain the data for users. 


« Other service providers require 
customers to scan their MSDS in- 
formation into the online system 
they're using 


across its 25 facilities using a 


paper-based approach that 
made the information difficult 
to access and even harder to 
update. The process was cum- 
bersome and imprecise, said 
Radia, adding that the data 
sheets lacked a consistent for- 
mat and often were illegible. 
McWane signed up for a 
managed MSDS service with 


| Safetec LLC in Vancouver, 


Wash., about six months ago. 
Under the arrangement, Safe- 
tec is scanning all of McWane’s 
MSDSs into a more organized 
online system that makes it 
easier to retrieve information, 
Radia said. 

The improved access has 





also allowed the company to 
tie its enterprise environmen- 
tal management system to 

the MSDS data to allow for 
quicker chemical compliance 
checks during the manufactur- 
ing process. 

Behr Process Corp. in Santa 
Ana, Calif., switched from a 
paper-based system to Actio’s 
service two years ago and has 
seen significant improvements 
in its ability to comply with 
OSHA requirements, said 
Michael Butler, the paint man- 
ufacturer’s director of envi- 
ronmental and regulatory af- 
fairs. The hosted service has 
also helped Behr expedite the 
preparation of federal, state 
and local reports relating to its 
use and storage of chemicals, 
he said. 

Cost considerations are an- 
other factor for users, said 
Russ McCann, Actio’s presi- 
dent and CEO. Companies 


| typically spend about $50 per 


year for every MSDS they 
maintain themselves, McCann 
said. In contrast, Actio’s ser- 
vice starts at about $7,500 an- 
nually for a five-year contract, 


| plus $10 per year for each 
| MSDS the vendor manages. 


Officials at 3E and Safetec 
declined to disclose pricing 
for their services, saying it 
varies by customer. @ 57201 
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Intel Invests in 
Software Start-up 


Intel Capital, the venture capital 
arm of Intel Corp., led Virtual iron 
Software Inc.’s latest $8.5 million 
financing round. The 2-year-old 
virtualization company was former- 
ly known as Katana Technology. 

It has also signed a nonexclusive 
collaboration agreement with In- 
tel. Virtual Iron raised $20 million 
in two prior rounds of financing. 


AMD Adds Three 
Opteron Processors 


Advanced Micro Devices Inc. has 
released three dual-core Opteron 
processors for x86 servers and 
workstations. The Model 880, 
which can have up to eight proc- 
essors, and the 280, which is for 
dual-processor systems, are ship 
ping at $2,649 and $1,299, re- 
spectively. The $799 Model 180 
for one-processor, two-core sys- 
tems ships later this month. 


Microsoft, JBoss 
To Link Offerings 


JBoss Inc. and Microsoft Corp. 
last week unveiled plans to en- 
hance the interoperability be- 
tween the JBoss Enterprise Mid- 
dieware System and Windows 
Server products. This technical 
partnership is the first such al- 
liance between Microsoft and 
JBoss, which estimated that half 
of its customers run its JBoss 
Enterprise Middleware System 
on Microsoft’s Windows Server. 


CSC Wins $42.3M 
Defense Contract 


Computer Sciences Corp. has won 
a $42.3 million, four-year con- 
tract to provide Web hosting and 
applications support services to 
the Defense Technical Information 
Center, which shares technical in- 
formation among U.S. Defense 
Department personnel, contrac- 
tors and other government agen- 
cies. The new agreement follows 
a five-year, $25 million contract 
DTIC signed with CSC in 2001. 
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IT Services Concerns 
Are Trumping.. . 


. .. Widget-centric thinking among Fortune 1,000 COs. 
And feeding the growing need for IT services also 
happens to be a nice way for vendors to pocket more 
of the dollars in those CIOs’ budgets, says Thomas 
Lah, executive director of the Technology Profes- 


sional Ser- 
vices Asso- 
ciation in 
San Diego. 
Formed last 
month as a 
sister organi- 
zation to the 
Service & 
Support Pro- 
fessionals As- 
sociation for 
IT help desk 
workers, the TPSA hopes its 
members will share best prac- 
tices information. Its first 
event will be a webcast on 
Oct. 20, and its initial confer- 
ence will be in April. “There’s 
been a mental shift in how 
Fortune 1,000 companies con- 
sume technology,” Lah ar- 
gues. Open systems, he says, 
have created vast integration 
problems that CIOs are now 
pushing back on vendors to 
resolve. “Suddenly, profes- 
sional services capabilities 
are critical if a vendor wants 
to get the sale,” Lah notes. But 
not all IT services organiza- 
tions are equal, so CIOs need 
to scrutinize them carefully, 


oe 
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services are 
lg l(cer] Bon (Oo 


| he advises. First, is the ven- 
dor’s professional services 
strategy mature? That is, does 
its business model make 
sense, and is it attacking the 
right verticals or services 
specialities? Second, Lah says, 
make sure your vendor’s ser- 
vices group has the right in- 
frastructure. Is it staffed ap- 
propriately? Are its opera- 
tions automated? Finally, Lah 
suggests that you should 
“learn how embedded the 
culture of professional ser- 
vices [is] in the company.” If 
a vendor is more interested in 
selling you widgets than in 
learning about your overall 
IT issues, you might want to 
opt for another one, he says. 


European Union rules 
on safer hardware... 
... have produced a “picture 

of inaction and confusion.” So 
says Peter West, vice presi- 
dent of marketing at River- 
One Inc. in Irvine, Calif. Two 
EU directives — one dealing 
with the disposal of electrical 
and electronic equipment, 
and the other focusing on re- 











ducing the 
use of haz- 
ardous sub- 
stances — 
are set to 
take effect 
next July. 
They will 
regulate the 
chemical 
compounds 
used in computers and other 
hardware and define what 
can and can’t go into Europe’s 
landfills. West calls the new 
rules “a major supply chain 
issue” for IT vendors and 
users. According to West, 
RiverOne’s Interactive 6.5 
software tool, which is due to 
ship by the end of the year, 
will be able to track IT gear 
from the moment the equip- 
ment hits your SAP-based 
ERP system. That should help 
users “prove compliance for a 
whole [product] and not just 
the individual parts,” he says. 


"i stodt 
New EU 
vem ee 


Compliance toois 

keep coming... 

... and coming and coming. 
The latest is a free download 
available this week from Bind- 
View Corp. in Houston. Steve 
Kahan, BindView’s vice presi- 
dent of marketing, says BV- 
CAT walks 
you through 
a series of 
questions to 
evaluate the 
efficiency of 
your regula- 
tory compli- 
ance process- 
es. The tool 
can also run 
configuration 
checks ona 
computer 

to determine whether it will 
pass muster in an audit. 
Kahan claims BV-CAT can 
help assess compliance with 
Basel II, the Sarbanes-Oxley 
Act, the Federal Information 
Security Management Act, 
the Payment Card Industry 
Data Security Standard and 
the Gramm-Leach-Bliley Act. 
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3 HOT TECHNOLOGY TRENDS, NEW PRODUCT 


C ONTHE MARK 


: NEWS AND INDUSTRY BUZZ BY MARK HALL 


Support for the Health Insur- 
ance Portability and Account- 
ability Act is next, he says. 


The thin-client market 
is thickening. . . 

... vendors’ wallets. That’s the 
word from the top two thin- 
client makers — Neoware 
Systems Inc. in King of Prus- 
sia, Pa., and Wyse Technology 
Inc. in San Jose. Neoware 
CEO Michael Kantrowitz says 
there has been “a seismic 
shift” away from deploying 
fully distributed computing 
systems. CIOs have learned 
that a pure distributed com- 
puting environment isn’t effi- 
cient, he says. Ironically, Mi- 
crosoft Corp. 

helped shake 

up IT’s devo- LE 
tion to PC- 0 
centric think- IDC’s 2005 
ing by giving CTU Cag 
Windows meu 
Server 2003 MU Las 
the ability to 8 Le 
handle thin 

clients, Kantrowitz notes. 
Wyse CEO John Kisch sees 
three different forces behind 
a recent growth spurt in his 
company’s business. First, se- 
curity problems are greatly 
minimized by a lack of hard 
drives on thin clients, Kisch 
says. Then there’s Japan’s Per- 
sonal Information Protection 
Act. That law, he says, makes 
it a crime to store customer 
data on PCs. It was driven by 
a scandal in which personal 
information on 4.5 million 
broadband services sub- 
scribers was lost from a PC. 
Finally, Kisch says, CIOs are 
trying to validate their invest- 
ments in back-end systems 
infrastructure by swapping 
out pricey PCs for low-cost 
thin clients. Bob O’Donnell, 
an analyst at IDC, thinks PC 
security problems and im- 
proved network reliability are 
spurring “dramatic” growth 
in the thin-client market. 
And, he argues, “the trends 
are just starting to resonate 
with IT.” @ 57161 





Saad eo 
Re) ey INO Seana MGET THE FACTS. 


RAYOVAC CHOSE WINDOWS SERVER 
SYSTEM AND EXPECTS TO SAVE NEARLY 
ONE MILLION DOLLARS. 


“By choosing Windows Server™ over Linux for our 
new SAP APO solution, we'll save an estimated one 
million dollars in software, staffing, aiid support costs 
over the first four years. We needed performance, 
security enhancements, and reliability at a reasonable 
price, and Linux would have presented additional 
risks in all of those areas. It may be the new thing 
from a technical perspective, but Linux doesn't cut 
it from a business perspective—| need a proven IT 
environment that I'm sure we can support.” 


—Rick Dempsey, Chief Information RAYOVAC’ 


Officer, Rayovac 


For tase er other third-party findings, go to 


‘ s 1090, Windows Server; and Windows Server System are either registered 
Loge oo pepe haem i enlace 
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SAP Oracle Stage Events to Plug Middleware 


BY MARC L. SONGINI 
BOSTON 
HE TWO MAJOR rivals 
in the business ap- 
plications business, 
SAP AG and Oracle 
Corp., touted their middle- 
ware offerings while tossing 
barbs at each other before sep- 
arate audiences here last week. 
At its TechEd 2005 user 
conference, SAP unveiled the 
Enterprise Services Commu- 
nity Process, a public forum 
where SAP customers and 
third-party vendors can offer 
potential upgrades to the com- 
pany’s Web-services-based 
Enterprise Service Architec- 
ture. A crucial part of SAP’s 
strategy, the ESA blueprint 
is enabled by the vendor’s 
NetWeaver middleware tech- 
nology. 
At the same time, a mile or 
two away, Oracle officials 





plugged their company’s Fu- 
sion middleware, a repackag- 
ing of its application server 
and portal products. Oracle 
is also stamping the Fusion 
moniker on its upcoming ap- 
plication suite, in which it will 
merge its products with those 
of the companies it has ac- 
quired, such as PeopleSoft Inc. 
and Siebel Systems Inc. 

Peter Graf, executive vice 
president of solution market- 


| ing at SAP, described the Ora- 
| cle middlew 


yare as a consolida- 
tion of past technologies. On 
the other hand, he said, Net- 
Weaver is new technology. 
During Oracle’s executive 
briefing on middleware, 
Thomas Kurian, the vendor’s 
senior vice president of mid- 
dleware development, criti- 
cized NetWeaver for being 
based on the proprietary Ad- 
vanced Business Application 
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ESA is enabled by SAP’s Net- 
Weaver middleware platform. 


Companies that incorporate 
Sy Werle MON eel ecy 
will receive an “Enterprise 
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Programming language. Ora- 
cle, however, bases Fusion on 
the Business Process Execu- 
tion Language, which “is au- 
thored by a bunch of players,” 
Kurian said. 

“More SAP customers 
use Fusion middleware as en- 
terprise middleware today 
than than NetWeaver by far,” 





| Kurian contended. 

The vice president of IT at 
a company that has one the 
largest SAP implementations 
said NetWeaver helps his firm 
align SAP products with other 
Web-enabled applications. 

The company, which he 
asked not be named, runs 
SAP’s ERP software and Self 
Service modules. The modules 
operate with the Enterprise 
Portal, a component of Net- 
Weaver, said the executive, 
who asked not to be identified. 

The executive said he’s con- 
sidering using NetWeaver in 
custom development projects. 
And, he said, the Community 
Process initiative could help 
expand the number of part- 


ners in SAP’s ESA “ecosystem” 


and help drive further adop- 
tion of NetWeaver. 

Fusion middleware — in- 
cluding the Oracle application 





servcr and portal — is crucial 
technology at Aviva Life In- 
surance Co., said Chief Tech- 
nology Officer Greg Partyka, a 
speaker at the Oracle briefing. 
The Quincy, Mass.-based 
insurer has a mix of systems, 
including mainframe-based 
Cobol applications, that re- 
quire Oracle middleware to 
help create integrated busi- 
ness processes, said Partyka. 
The Fusion software is used 
to transform data that cus- 
tomers provide into a usable 
format, he said. The integration 
software gives Aviva the flexi- 
bility co invest in applications 
without worrying about them 
growing obsolete, he added. 
Partyka said the insurance 
firm also intends to use Fusion 
to link disparate systems and 
launch Web-services-based 
service-oriented architecture 


processes. @ 57206 





Survey Finds Good Communication 
Key to Managing Data Breaches 


BY JAIKUMAR VIJAYAN 
Effective communication can 
help companies limit the dam- 
age to their reputations and 
the loss of business that can 
result from security breaches 
in which customers’ personal 
data is exposed. 

That was one of the findings 
from an e-mail survey of more 
than 1,100 individuals who 
identified themselves as being 
victims of security breaches. 
The survey was conducted 
during the summer by the 
Tucson, Ariz.-based Ponemon 
Institute, and the results were 
released last week. 

Nearly 20% of the respon- 
dents said they had terminat- 
ed their relationships with the 
companies that lost their data, 
while another 40% said they 
might do so, according to Lar- 
ry Ponemon, the institute’s 
founder. But the fact that al- 
most 12% of the respondents 
said that their confidence in 
the companies had actually in- 
creased after they were noti- 
fied of security breaches 
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points to the value of good 
communication, he added. 
Companies that are straight- 
forward in disclosing what 
they know about breaches are 
likely to see far fewer cus- 
tomer defections than busi- 
nesses that are evasive about 
the details, Ponemon said. 
The form that the notifica- 
tion takes also appears to in- 
fluence customers. For in- 
stance, standard form letters 
and e-mail messages are 
viewed far more skeptically 
than personalized letters and 
phone calls, Ponemon said. 
David Bender, co-chairman 
of the privacy practice at New 





York-based law firm White & 
Case LLC, the sponsor of the 
survey, said that although it’s 
reasonable to expect some 
customers to give up ona 
company after it suffers a 
well-publicized breach, the 
percentages in the survey 
were a surprise to him. 

“No one expects the conse- 
quences will be good,” Bender 
said. But, he added, it is un- 
clear “just how serious the 
ramifications can be.” 

The extent of the fallout also 
depends on the type of organi- 
zation that loses the data, said 
Christopher Pierson, a lawyer 
at Lewis & Roca LLC in Phoe- 
nix. Bank customers, for exam- 
ple, can take their business 
elsewhere. But the same isn’t 
always true for, say, college stu- 
dents or patients of health care 
providers, he said. @ 57205 


Security breaches are all but inevitable. 
So it's a good idea to have a plan in place 
for how your company will respond when 
something happens. See page 39. 





Iron Mountain Touts Value of Encryption 


OFF-SITE DATA ARCHIVING 
vendor Iron Mountain Inc. last 
week signed a deal to use De- 
cru Inc.'s technology to encrypt 
all of its internal data that’s 
backed up to digital tape. 

Iron Mountain executives 
said the move was made in 
part to set an example for cus- 
tomers, though IT managers at 
the Storage Decisions confer- 
ence in New York last week 
downplayed the need for such 
tools. 

Leonard Lu, a network archi- 
tect at TD Waterhouse Group 
Inc. in New York, said his net- 
work provides security for data 
that's actively being used. Lu 
said that encrypting archived 
data is simply too much of a 
hassle. “The question is, do we 
want to encrypt data right down 
to the last digit?” he said. 

Despite those doubts, “we're 
trying to make sure the industry 
is aware that encryption is a key 
technology to be embraced,” 
said Kevin Roden, CIO at 
Boston-based Iron Mountain. 


breaches have led to the loss of 
unencrypted data at several 
high-profile companies, includ- 
ing Bank of America Corp., 
Ameritrade Holding Corp., 
ChoicePoint Inc., LexisNexis 
Group and Time Warner Inc. 

In Time Warner's case, tapes 
that contained private informa- 
tion on 600,000 former and 
current employees were lost in 
May during a routine shipment 
to an Iron Mountain archival 
facility (QuickLink 54267}. 

Iron Mountain said that while 
there are several options for im- 
plementing encryption - includ- 
ing backup software and appli- 
cation-based technology - 
large companies with expand- 
ing volumes of information and 
shrinking backup windows 
need faster throughput for 
backing up data. 

“We had to find a solution to 
encrypt our data and still main- 
tain backup windows. That 
iuled out software-based en- 
cryption, which introduces sub- 
stantial overhead,” Roden said. 

~ Lucas Mearian 
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RIM Commits to 
Intel’s Hermon Chip 


Research In Motion Ltd. has 
agreed to use Intel Corp.’s mobile 
processor, code-named Hermon, 
in its BlackBerry devices, the 
companies said last week at the 
CTIA Wireless IT and Entertain- 
ment conference in San Francis- 
co. RIM is the first company to 
publicly commit to the Hermon 
chip, which is slated to be official- 
ly released later this year. 


Dell, TRW Extend 
Pact by Three Years 


Dell Inc. said it has signed a three- | 


year extension of its contract 
with TRW Automotive Holdings 
Corp. Under terms of the deal, 
automotive supplier TRW will 
standardize on Dell enterprise 
products and services for its 
200-plus facilities in 24 countries 
throughout North and South 
America, Europe, Africa and the 
Asia-Pacific region. The value of 
the deal wasn’t disclosed. 


Cisco, Trend Micro 
Unveil Service 


Cisco Systems Inc. and Trend 
Micro Inc. have jointly developed 
a security service for Cisco net- 
working products that’s designed 
to curb the spread of worms and 
viruses. The new service, called 
the Cisco Incident Control Sys- 
tem, will help administrators set 
network security policies on Cisco 
hardware, based on information 
provided by Trend Micro. 


Microsoft, Intel 
Back HD-DVD 


Microsoft Corp. and Intel Corp. 
plan to back HD-DVD, the next- 
generation DVD storage format 
being developed by the DVD Fo- 
rum. The two vendors joined the 
HD-DVD Promotion Group, which 
promotes adoption of the optical 
disc format. Microsoft had previ- 
ously remained neutral in the bat- 
tle between the HD-DVD and Blu- 
ray Disc optical disc formats. 


NEWS 


Disk-to-disk technology promises to cut 
costs, speed backup and restores of data 





BY LUCAS MEARIAN 
ICROSOFT Corp. 
and Symantec 
Corp. last week 
each announced 

the availability of continuous 

data protection (CDP) prod- 
ucts that can back up incre- 
mental copies of files to local 
servers and restore them in 
seconds. 

Cupertino, Calif.-based 
Symantec went a step further 
with the unveiling of a sepa- 
rate application to help IT 
managers restore the Win- 
dows Server 2003 operating 
system locally and remotely. 

Bob Graham, senior vice 
president of information sys- 
tems at Farmers & Merchants 
Bank Corp. in Timberville, Va., 
has been beta-testing Syman- 
tec’s disk-to-disk Backup Exec 
10d with CDP and plans to buy 
it next month. 

Since installing the new sys- 
tem, the bank has been using a 
new Dell Inc. network-attached 
storage array to back up 48 
servers in 21 branch offices. 

Before installing the CDP 
software and NAS array, the 
bank used tape backup sys- 
| tems, and restores took two 
days on average. Once the disk- 
to-disk technology is fully in- 
stalled, restores will take about 
five minutes, Graham said. 


New Offerings 

The Symantec software, avail- 
able Oct. 10, allows workers to 
| restore files through a Web- 
based interface. 

The second new Symantec 
offering, LiveState Recovery 
6.0, can restore Windows 
Server 2003 to physical or 
virtual servers such as those 
from VMware Inc. or Micro- 
soft’s Virtual Server 2005. 

The Microsoft disk-to-disk 
backup product, Data Protec- 
tion Manager (DPM), can 








save up to eight snapshots 
of data off Windows servers 
throughout the day, allowing 
IT administrators to restore 
files from disks faster and 
use a larger number of data 
points from which to recover 
information. 
Microsoft announced DPM 
a year ago [QuickLink 49553]. 
James Tarala, CIO and chief 
technology officer at Schenck 
Business Solutions, recently 
purchased DPM and expects 
that it will eliminate daily tape 





Microsoft, Symantec 
Ready CDP Products 


backups at 1] remote offices. 
He plans to replicate snap- 


| shots to three new EqualLogic 


Inc. iSCSI storage arrays at his 
primary data center in Apple- 
ton, Wis. 

“One thing I like is that the 
DPM product is less expen- 
sive” and works faster than 
full or incremental tape back- 
ups, Tarala said. 

CDP products come in two 
iterations. Those like IBM’s 
[QuickLink 56459], which 
record every change to data at 
the byte level, allow IT admin- 
istrators to restore to any 
point in time. Those like the 
Microsoft ard Symantec tools, 
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which take periodic snapshots 
of data, allow recovery back to 
specific points in time. 
Whichever model is used, 
CDP can dramatically improve 
the speed of data restoration 
as well as the recovery point 
objectives when compared 
with traditional incremental 
or full backups, said Brian 
Babineau, an analyst at Enter- 
prise Strategy Group Inc. in 
Milford, Mass. @ 57202 





Novell Server Was Used to Look for 
Vulnerable Ports on Other Computers 


Vendor confirms 
scanning activity, 
disputes amount 


BY JAIKUMAR VIJAYAN 
A server belonging to Novell 
Inc. was hacked into and then 
used to scan for vulnerable 
ports on other computers, ac- 
cording to an Internet security 
consultant who reported the 
problem to Novell last week. 

Chris Brandon, president of 
Brandon Internet Security in 
Alexandria, Va., said he was 
first alerted to the problem 
when a client reported scan- 
ning activity on its systems. 
According to Brandon, the 
scans began Sept. 21 and were 
targeted at TCP Port 22 — the 
default port for Secure Shell 
services. SSH programs are 
used to log into other comput- 
ers over a network or to exe- 
cute remote commands and 
move files among machines in 
a secure fashion. 

Brandon said he traced the 
scans to a server with an IP 
address assigned to Novell. 
He added that the system 





appeared to be running a mail 
server for a gaming site called 
Neticus.com that was hosted 
on a separate server also 
belonging to Novell. 

Brandon made logs docu- 
menting the scans available to 
Computerworld. He claimed 
that judging by the large num- 


| ber of IP blocks that were 


scanned, “millions” of com- 
puters may have been probed 
for SSH-related weaknesses. 


Investigation Continues 
Kevan Barney, a Novell 
spokesman, confirmed that 
one of the company’s servers 
had been scanning other sys- 
tems. But he said that as of last 
Friday, the company’s IT staff 
was still investigating whether 
the server had actually been 
hacked into from the outside, 
as Brandon asserted. 

Barney also said that the 
server doing the scans wasn’t 
running a mail server for the 
gaming site. Instead, it was a 
test server that was installed 
outside of Novell’s firewalls, 
he said, adding that the server 
has run different operating 





systems at various times. 

In addition, Novell is chal- 
lenging Brandon’s claim that 
its server was used to scan 
millions of other computers. 
“We see no evidence that the 
scans were so widespread, so 
we aren’t sure how he came 
up with that number,” Barney 
said. He added that it’s hard to 
know precisely how many sys- 
tems were scanned. 

During the course of its 
investigation, Novell did find a 
separate company-owned 
server that was hosting the 
Neticus.com game site. But 
that server was in no way con- 
nected to the scanning activi- 
ty, Barney maintained. The 
game site, which was run by a 
single employee, has since 
been taken down, he added. 

Neticus is the name of a 
now-defunct Internet service 
provider owned by Novell that 
provided its employees with 
access to the Internet, e-mail 
and newsgroups. Barney said 
Novell officials are looking 
into how and why a Neticus 
server came to be used to host 
a game site. @ 57199 
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Microsoft to Double 
Workers at Indian Unit 


BANGALORE, INDIA 

ICROSOFT CORP. will nearly 
AV double the workforce at its 

Indian subsidiary’s facilities in 
Hyderabad and Bangalore by next 
March, according to sources familiar 
with the plan. The sources last week 
confirmed news reports from Hyder- 
abad, where Microsoft has a large 
development operation. 

Once the hiring effort is completed, 
Microsoft India will employ about 3,000 
workers in Hyderabad and Bangalore, 
the sources said. Officials at Microsoft 
India weren't available for comment. 

In Hyderabad, Microsoft currently 
employs 600 software developers at 
one product development center and 
another 500 at a second facility. The 
company’s Bangalore- 
based Global Technical 
Support Center, which 
provides phone and e-mail 
support to Microsoft 
users, has about 500 
workers. 

Late last year, Microsoft 
CEO Steve Ballmer told 
reporters in Hyderabad 
that the company planned 
to hire hundreds of new 
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workers in India during 2005. At the 
time, Ballmer promised that the Indian 
hirings wouldn’t lead to a loss of jobs 

in the U.S. 

m JOHN RIBEIRO, IDG NEWS SERVICE | 


German Insurer, Doctors 
Test E-health Cards 


DOSSELDORF, GERMANY 

SYSTEMS INTERNATIONAL GMBH, 
Te IT services arm of Deutsche 

Telekom AG, is collaborating with 

a German health care and insurance 
group to test electronic health cards 
ahead of a government mandate to in- 
troduce the technology in Germany 
next year. The pilot, launched last 
week, involves three doctors’ offices, 
50 patients of the health care provider 
Bundesknappschaft and a hospital in 
the city of Bottrop. 

T-Systems is moving 
ahead with the pilot even 
though government IT of- 
ficials have yet to finalize 
standards for the systems. 
In addition, health care 
providers and insurance 
companies have yet to 
agree on where and how 
patient files will be elec- 
tronically stored, said 
Volker Apel, health care 
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project director at T-Systems. 

Once the pilot project is completed, 
T-Systems and Bundesknappschaft 
plan to equip 20,000 insured patients 
and 75 physicians with the electronic 
cards during next year’s first quarter. 
mw JOHN BLAU, IDG NEWS SERVICE 


China Looks to Tighten 
Control of Online News 


BEIJING 
E CHINESE GOVERNMENT has 
i created a new set of regulations 
intended to tighten control over 
news reported on the Internet. 

The rules replace a set of regulations 
implemented in 2000 and go into ef- 
fect immediately, according to Xinhua, 
the official Chinese news agency. The 
regulations were developed by China’s 
Ministry of Information Industry and 
the State Council, the country’s highest 
administrative body. 

The new guidelines encourage Inter- 
net news sites to report news that is 
“healthy” and promotes economic and 
social progress, Xinhua said. 

What impact the new regulations 
will have wasn’t immediately clear. 
The enforcement of government regu- 
lations isn’t always consistent and can 
fluctuate depending on political priori- 
ties, said Duncan Clark, managing di- 
rector at BDA China Ltd., a consulting 
firm in Beijing. @ 57149 
m SUMNER LEMON, IDG NEWS SERVICE 
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Briefly Noted 


Karvy Consultants Ltd. in Hyder- 
abad, India, has set up a business 
process outsourcing unit called 
Karvy Global Services Ltd. The new 
business, which will be officially 
launched this month, now employs 
250 people and plans to have 
4,000 workers within five years. 

@ JOHN RIBEIRO, IDG NEWS SERVICE 


The World Health Organization 
has selected Satyam Computer 
Services Ltd. in Hyderabad to im- 
piement an ERP system throughout 
the WHO's offices in more than 140 
countries. The Global Management 
System will be based on Oracle 
Corp.’s applications. 


Toshiba Corp. plans to show its 
first notebook computer with a 
bullt-in HD-DVD drive at the Ceatec 
Japan 2005 exhibition next month. 
The next-generation DVD format, 
developed by the DVD Forum, will 
be incorporated In Toshiba's high- 
end Qosmio notebook line. 

@ SUMNER LEMON, IDG NEWS SERVICE 


will be gone by December. 


IT Groups Push Congress to Raise H-1B Visa Limits 


BY PATRICK THIBODEAU 
Nikita Dolgov is a software en- 
gineer who lives in Moscow 
and would like to get an H-1B 
visa to work in the U.S. He’s 
aware of the controversy sur- 
rounding the visa program, 
but that hasn’t lessened his 
desire to work here. 

“This is the original country 
for computer science,” Dolgov 
said of the U.S. during a tele- 
phone interview last week. 
“This is the ultimate place.” 

But it’s getting harder for 
people like Dolgov to get into 
the U.S. The cap of 65,000 new 
visas for the federal govern- 
ment’s 2006 fiscal year, which 
began Oct. 1, was reached in 
August — the earliest that 
has ever happened. Dolgov 
tried to get a visa, but his 





application arrived too late. 
There’s now a push by high- 
tech industry groups to get the 
cap adjusted by Congress be- 
fore it adjourns this year. But 
whatever happens is likely to 
be part of a broader immigra- 
tion reform package, accord- 
ing to industry lobbyists and 
others seeking changes. 
Among the ideas that may 
appear in legislative proposals 
is a flexible cap that would 
provide a method for increas- 
ing the annual H-1B limits 
once a certain level is reached. 
That would allow the number 
of new visas to “rise as need- 
ed,” said Lynn Shotwell, exec- 
utive director of the American 
Council on International Per- 
sonnel, a Washington-based 
group that represents compa- 


nies on immigration issues. 
Proposed reforms may also 
include a measure to allow 
some foreign workers, in par- 
ticular those who hold ad- 
vanced degrees from U.S. uni- 
versities, to get permanent 
residency and bypass the H-1B 
program, according to people 
familiar with the efforts. 
Supporters of a higher H-1B 
cap, such as Harris Miller, 
president of the Information 
Technology Association of 
America in Arlington, Va., 
aren’t sure Congress will act 
on the issue this year because 
hurricane relief issues are tak- 
ing precedence. But Miller 
said that the use of foreign 
workers is critical to U.S. com- 
panies and that the exhausted 
fiscal 2006 cap is an “example 





of the U.S. hurting its global 
competitiveness.” 

U.S. employers aren’t with- 
out options, however. 

Congress last year approved 
an additional 20,000 visas an- 
nually beyond the cap, specifi- 
cally for foreign nationals who 
have earned advanced degrees 
in the U.S. More than 13,000 of 
those visas have been claimed 
for the new fiscal year, and 
Shotwell thinks the remainder 


POSSIBLE LEGISLATION 


Proposed changes to the 
H-1B program may include: 
A flexible cap on new visas. 
= Permanent residency for people who 

hold advanced degrees from U.S. 


schools, with no need for them to 
secure H-1B visas. 





U.S. companies can also hire 
Australian citizens under the 
new E-3 visa program. The E-3 
has been compared to the H-1B, 
but it’s limited to residents of 
Australia and capped at 10,500 
visas per year. Miller said he’s 
skeptical about the E-3 pro- 
gram, adding that he doesn’t 
think many Australian tech- 
nology workers want to come 
to the U.S. 

But the willingness of work- 
ers from many other countries 
to take jobs in the U.S. still ap- 
pears to be strong. 

“There is no dearth of jobs 
for the qualified in India, but a 
USS. job is quite another thing,” 
said Manu Sharma, a New 
Delhi-based e-commerce con- 
sultant. “It’s seen as a career 
landmark, like a prestigious 
MBA, that guarantees strong 
career growth.” @ 57207 
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HP PROLIANT BL20p G3 BLADE SERVER 


with ProLiant Essentials Management Software 
Up to 2 Intel® Xeon™ Processors (3.60GHz/2MB) 
High density: Up to 48 servers per rack 
Flexible/Open: Integrates with existing infrastructure 

- HP Systems Insight Manager™: Web-based networked 
management through a single console 
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+ Integrated Cisco or Nortel switch options 
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Get 2TB of Storage Free ($2,800 Value)’ 
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+ 2GB/1GB Fibre connections to host 
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Continued from page 1 


BI Tools 


The company started the 
effort to whittle its list of BI 
tools in January. Since then, 
the hotelier has cut its count 
of report templates from 210 
to 70, said Robert Richards, 
Carlson's director of applica- 
tion development. 

Two months ago, Carlson 
stopped using one of the six 
reporting tools, and it plans to 
eliminate the rest during the 
next 18 months, he said. 

Having multiple BI products 
made it difficult for users to 
find data, and supporting all of 
the tools left Carlson’s devel- 
opment shop backlogged, 
Richards said. 

“The key is making sure you 
don’t do the development 
more than once,” he noted. 
“We'll be able to display infor- 
mation to the business much 
faster because IT won’t have 
to support multiple tools.” 

The new scorecards will al- 
low the company to provide 
users with metrics they can 
use to adjust operations when 
necessary, Richards added. 


Partners Preferred 


Union Pacific Railroad Corp. 
in Omaha began an effort two 
months ago to consolidate its 
lineup of BI tools from Hyperi- 
on Solutions Corp., Informa- 
tion Builders, SAS Institute 
Inc., Siebel Systems Inc. and 
SPSS Inc., said Rich Dickeson, 
director of business analytics 
at the rail company. 

“I am looking for companies 
that will play well together,” 
Dickeson said. “The fewer 
things I have to support, the 
better. If it is going to be two 
or three, I want those two or 
three to have partnerships 
with each other.” 

Dickeson said he expects a 
bit of pushback from users, 
since some departments have 
five- or six-year investments 
in specific products. 

Keith Gile, an analyst at For- 
rester Research Inc. in Cam- 
bridge, Mass., said BI has 
reached a tipping point as 
companies move to expand ac- 
cess to decision-support data 
beyond power users to a new 
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Alot of these [BI] initiatives are 
IT-driven. We have a tendency 


to move forward at 100 miles an hour 
without taking consideration of the 
business [requirements]. 
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TONY FULLER, 
Vice president and CIO, Rent-A-Center 


and much larger realm of 


| users, such as business execu- 


tives and frontline managers. 
Today, most companies with 
BI tools offer only 5% to 7% of 
their users access to the capa- 
bilities, Gile said. Over the 
next several years, he expects 


that about half of the employ- 
ees within organizations will 
begin to use the technology. 
Such an expansion will re- 
quire companies to reduce the 
number of BI tools they sup- 
port, Gile added. “If you have 
15 BI solutions and you try to 





manage them, pay for them 
and make sure they’re synchro- 
nized — you can’t,” he said. 

Meanwhile, Rent-A-Center 
Inc. has put its business users 
in charge of deciding how to 
use Business Objects SA’s 
BusinessObjects XI software, 
which Rent-A-Center is now 
installing, said Tony Fuller, 
vice president and CIO at the 
Plano, Texas-based household 
goods rental chain. 

Fuller said Rent-A-Center’s 
business units are creating the 
plans for the BI tools effort, 
and the IT operation will de- 
liver on those plans. 





www.computerworld.com 


“That shows we’re serious 
about it being a business func- 
tion,” Fuller said. “I approach 
[business executives] as a 
business leader, not an IT 
executive. A lot of these initia- 
tives are IT-driven. We have a 
tendency to move forward at 
100 miles an hour without tak- 


| ing consideration of the busi- 


ness [requirements].” 

The BI tools, which the 
company will roll out over the 
next 18 months, will eventual- 
ly be used by 35 or 40 execu- 
tives and managers in addition 
to about a dozen power users, 


Fuller said. @ 57200 





Embedded Business Intelligence 
Spreads to Frontline Workers 


Helps staffs make operational decisions 





BY HEATHER HAVENSTEIN 
SCOTTSDALE, ARIZ 
Companies are increas- 
ingly maneuvering to 
use embedded business 
intelligence techniques 
to help frontline work- 
ers make operational 
decisions. 

But IT officials must 
make sure that those 
workers are included 
in the planning proc- 
ess, said some users 
during a panel discus- 
sion at Computer- 
world’s Business Intel- 
ligence Perspectives 
conference here last 
week. 

Irving Tyler, vice 
president and CIO at 
Quaker Chemical 
Corp. in Consho- 
hocken, Pa., said that 
all users in his organi- 
zation use BI tools to make 
decisions. But getting front- 
line users to rely on that data 
is challenging if they don’t 
view the information as credi- 
ble, he said. 

“You have to spend time 
demonstrating that this infor- 
mation comes from [a valid] 
source [so] they can feel com- 
fortable,” Tyler said. 

Quaker has established clear 
lines of data stewardship, iden- 
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tifying managers who 
“own” the data at the 
various steps of a proc- 
ess, he said. “If [work- 
ers] can put a credible 
face — a manager — 
behind that [data], they 
will adopt [BI] much 
more readily.” 


Locate Choke Points 
Union Pacific Railroad 
Corp. uses BI metrics 
to tweak its rail opera- 

' tions to run more effec- 
tively. James Bell, gen- 
eral manager of operat- 
ing services at the Om- 

© aha-based railroad, said 

& the effort’s success will 

depend at least partial- 

ly on input from front- 
line workers. “You have 
to receive business in- 
telligence from the 
front lines,” he said. 

“They will tell you where the 

issues are.” 

Union Pacific plans to use 
predictive modeling to corre- 
late customers’ shipping 
needs with rail car capacity, 
Bell said. Union Pacific 
worked with experts in lean 
manufacturing principles to 
map out critical operations, 
including processing and 
maintaining rail cars, he said. 

Injecting BI data from 





transactional systems into 
those processes has helped 
the railroad identify choke 
points that slow down opera- 
tions — such as cars remain- 
ing in a terminal for 20 hours 
for only one hour of repair 
work. 

At some companies, moving 
the decision-making process 
to the front lines has been a 
boon for managers. 

Jon Farrar, vice president of 
predictive modeling at Union 
Bank of California NA in San 
Francisco, said that as more 
information has been fed to 
frontline workers at his com- 
pany, a lot of managers have 
been relieved because they 
have been unburdened of 
some tactical work and are 
able to focus on strategic 
decision making. 

“It’s a whole mind-set shift 
corporations are going to have 
to adopt; otherwise they won't 
be able to keep up with the 
competition,” Farrar said. 

Meanwhile, Alaska Airlines 
is marrying information 
gleaned from BI analysis on 
airplane utilization and time on 
the ground with customer sur- 
vey results, said James Archule- 
ta, director of customer rela- 
tionship management at the 
Seattle-based airline. 

Correlating that informa- 
tion into “actionable analyt- 
ics” allows customer service 
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A You have to re- 
ceive business 
intelligence from the 
front lines. They will 
tell you where the 


JAMES BELL, GENERAL MANAGER 
OF OPERATING SERVICES, UNION 
PACIFIC RAILROAD CORP. 


representatives to use data at 
their desktops to figure out 
how best to serve customers, 
he said. 

American Republic Insur- 
ance Co. is embedding BI data 
in the processes that its direct 
marketing sales force uses 
when offering Medicare sup- 
plements to customers, said 
Wayne Dow, business systems 
manager of direct marketing 
at the Des Moines-based com- 
pany. Users now have “one- 
click access” to as many as 
400 million rate combinations 
from competitors, he said. 


@ 57204 
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PanGo Upgrades Tools for Tracking Equipment 


BY MATT HAMBLEN 
PanGo Networks Inc. announced an up- 
grade last week of its asset-tracking 
software, as well as a second-generation 
active RFID tag that’s half as big as the 
original version and less expensive. 
PanGo’s system is primarily deployed 
in hospitals, where it uses Wi-Fi net- 
works to transmit data captured by ra- 
dio frequency identification tags placed 
on equipment to a central location. 
The technology is designed to help 
hospital administrators keep track of 
expensive assets, said Mike Braatz, 
vice president of business development 
at the Framingham, Mass.-based vendor. 
The new software, PanGo Locator 
3.0, further automates the site-survey 
process and adds Web-based monitor- 
ing and management tools, as well as a 
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notification function that can send 
alerts about the status of equipment, 
Braatz said. Pricing starts at $30,000 
for 500 endpoints, and the software is 
due to ship this month. 

Meanwhile, PanGo’s Active RFID 
Tag 2.0 device costs about $50 and is 
roughly the size of three AAA batteries 
— 40% of the size of the initial tag the 
company released a year ago. Version 
2.0 includes new wireless security fea- 
tures and a 50% longer battery life, 
Braatz said. 


Proactive Management 

Lifespan Corp., a group of five hospi- 
tals based in Providence, R.I., plans to 
install about 500 of the new tags by 
year’s end, said David Hemendinger, 
chief technology officer at the health 
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care provider. 

One function will be to provide the 
locations of medical equipment so bio- 
medical staffers can perform routine 
maintenance. Having the ability to find 
lost items “is just icing on the cake,” 
Hemendinger said. “The real power of 
this technology is its ability to proac- 
tively manage assets and deliver them 
to the point of care before my users 
even think of having to find them.” 

Gary Bayston, manager of biomed- 
ical engineering at Rockford Memorial 
Hospital in Rockford, IIl., said he plans 
to deploy about 600 of the RFID tags 
in the next two months to track all 
kinds of hospital equipment. 

“I was amazed, but one nurse even 
said she was losing beds in a ward 
some nights,” Bayston said. Apparently, 
workers in another ward had been bor- 
rowing them. 

Ultimately, Rockford Memorial 
might use the PanGo tags to keep track 


VMware Chief 
Looks to Stay 
Ahead of Rivals 


BY PATRICK THIBODEAU 
VMware Inc., a unit of EMC Corp., is the 
top vendor of server virtualization tools. 
But the company is constantly scram- 
bling to stay ahead in an increasingly 
competitive landscape that includes 
Microsoft Corp. and open-source 
vendors. In an interview with 
Computerworld, VMware Presi- 

dent Diane Greene talked about 
emerging competitors and her 
company’s strategy of partnering 

with friend and foe alike. 


As Microsoft and Linux vendors 
start shipping virtualization capabil- 
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Asset Management 
PanGo’s Locator software lets users: 
: Filter assets into on-screen maps, floor 
plans or tabular views for monitoring 
and searching purposes. 


+ Set business rules to trigger automatic 
notifications and alerts about the status 
of assets and their locations. 


+ Create reports with current or historical 
information about the equipment 
that’s being tracked. 


of Alzheimer’s patients and newborn 
babies, according to Bayston. 

Rockford will spend about $80,000 
on the PanGo software and tags, an 
amount that could be paid off within 
six months because of savings on labor 
costs, Bayston said. 

Ekahau Inc. in Helsinski, Finland, 
and AeroScout Inc. in San Mateo, 
Calif., also offer location-tracking sys- 
tems that work over Wi-Fi, said Mar- 
cus Torchia, an analyst at Yankee 
Group Research Inc. @ 57151 


Microsoft will come to dominate your busi- 
ness? We see some differences be- 
tween us and Netscape. One, the tech- 
nology involved is much deeper. 
There’s a lot more complexity and ro- 
bustness requirements on it as well. 
No one cared if a browser crashed. 
And we have very strong partnerships 
with the hardware community, which 
Netscape was not able to do. 


What are your goals in working with the 
open-source community? We are making 
-ge sure that Linux runs really well 
with our products. And we 
regularly contribute to the 
open-source community, too. 


While well-funded start-up Xen- 
Source hasn’t yet released a virtual- 
ization product, do you see it as a 
potential competitor? I don’t know 
where they are going to play, be- 


ities within their products, how are you go- | cause we haven't seen the robustness, 


ing to keep your customers from selecting 
their products over yours? We are work- 
ing well with the open-source commu- 
nity. We are going to continue our 
partnerships with the community at 
large. We announced this community- 
source [program] to allow our partners 
to participate more fully, and we have 
reseller arrangements with all the x86 
hardware vendors. 


Many analysts wonder whether Microsoft 
can hurt VMware like it did Netscape in the 
browser market. Are you concerned that 


performance and functionality of their 
products. We launched an initiative 
around [application programming in- 
terfaces] to standardize some things 
around virtual machines. We certainly 
want to partner with XenSource in 
those areas. 


Has anything changed since your acquisi- 
tion by EMC early last year [QuickLink 
43582]? What difference has it made to 
VMware's operation? We operate as a 
completely independent subsidiary. 
We’re not integrated. @ 57155 
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OPINION 


DON TENNANT 


Parallel Processing 


Y 14-YEAR-OLD DAUGHTER, Shelly, 

recently came across a photograph 

of me when I was about her age. She 

brought it to me and tried to say 

something, but she was laughing so 
hard she couldn’t spit it out. 


I grabbed the photo, a 
little put off by her hyste- 
ria. OK, so I looked like 
an adolescent version of 
Howdy Doody. That was 
no reason to hyperventi- 
late. When I said some- 
thing to that effect, she 
finally regained her com- 
posure. 

“Not you!” she said. 

“The TV! It’s a piece of 
furniture!” 

I looked at the photo 
again, and sure enough, there next to 
me was our old Muntz. For some 
reason, the big wooden cabinet with 
the fabric-covered speaker and the 
disproportionately small screen 
didn’t jump out at me. Shelly, on the 
other hand, took another look at it 
and lost it again. 

That episode was still fresh in my 
mind when I read “Decline of the 
Desktop,” Robert L. Mitchell’s su- 
perb cover story in last week’s issue 
{QuickLink 56909]. I could picture 
Shelly 20 years down the road with a 
daughter who came across a picture 
of Shelly as a kid, next to a desktop 
PC. “Not you, the computer!” her 
daughter would laugh. “It’s a piece of 
furniture!” 

It was just another reminder of 
how so many things that are happen- 
ing in computing and IT have already 
happened in other realms and other 
industries. That’s why it never ceases 
to amaze me, for example, that any- 
one could view offshore outsourcing 
in the IT industry as anything but in- 
evitable. A product or service will be 
sourced wherever it’s available at the 
lowest cost, whether it’s a pair of 
shoes or a line of code. Why does 





that surprise anyone? 
And then, of course, 
there’s the consolidation 
phenomenon. At our 
Business Intelligence Per- 
spectives conference in 
Scottsdale, Ariz., last 
week, I was chatting with 
the director of business 
analysis at a large railroad 
company about the spate 
of acquisitions in the IT 
industry. He mentioned 
that his father spent his 
entire career in the auto industry, and 
in the span of that career, he watched 
a multitude of car manufacturers coa- 
lesce into just three. Indeed, it all 
seems to have happened incredibly 
fast. It just doesn’t seem that long ago 
that I was eyeing my neighbor’s AMC 
Gremlin with unabashed envy. 
So is there any reason to believe 
the same thing won’t happen among 


manufacturers of computer hardware 
and software? No reason at all. There 
could come a day when an IT Big 

Three will have absorbed their larger 
partners and competitors and relegat- 
ed the smaller ones to supplier status. 

The auto industry analogy is par- 
ticularly interesting when you con- 
sider some of that consolidation. Af- 
ter Chrysler (now DaimlerChrysler) 
acquired American Motors Corp. in 
1987, it allegedly destroyed AMC’s 
parts inventories and the molds for 
producing new stock. So maybe we 
shouldn’t have been surprised at the 
way Computer Associates handled 
so many of its acquisitions through 
the years. 

The IT industry, to be sure, is 
unique. No other industry has expe- 
rienced so fast a rate of change or so 
great a capacity to change the world. 
But the parallels with the industries 
that have preceded it are vast. And 
processing those parallels can yield a 
valuable insight into its maturation. 

By the way, I’m really glad Shelly 
found that photograph. You’d under- 
stand if you heard her laugh. @ 57163 


eae a 

















www.computerworld.com 


MICHAEL GARTENBERG 


Microsoft 
Ready to 
Go Mobile 


FEW WEEKS AGO, I 
spent some time at the 
icrosoft Professional 
Developers Conference, which 
was focused mostly on Win- 


dows Vista. There was, how- 
ever, a good deal of activity centered 
on Microsoft’s mobile technology ef- 
forts, and what I saw there makes me 
think that Microsoft is going to be- 
come a major force in that area in the 
near future. 

Windows Mobile devices have been 
ridiculed for being poorly designed 
and prone to crashing and for provid- 
ing an inadequate telephony experi- 
ence. But as with many things Micro- 
soft, patience is rewarded for those 
who stick with the platform. The latest 
release, Windows 
Mobile 5.0, seems 
rock-solid and over- 
comes almost all the 
software problems of 
older versions. 

But software alone 
doesn’t make for a 
great mobile experi- 
ence. Hardware mat- 
ters a lot, and form 
and function are in- 
tertwined. 

The latest crop of 
devices coming to 
the U.S. market re- 
flects three trends 
that I believe will 
make them a success. 

This doesn’t mean 

that Microsoft will 

dominate the mobile §& 

market the way ithas Saas 
the PC desktop; instead, it will likely 
be a strong player among many. (The 
notion that Microsoft needs to domi- 
nate in order to be a success is wrong 
in general.) 

First, Microsoft has finally focused on 
the core telephony experience. For end 
users, telephony is the single most im- 
portant function in mobile devices, ac- 
cording to my firm’s research. Ignore 
telephony or compromise that function, 
and your device will fail in the market. 
The new Windows Mobile-based smart 
phones are phones first and foremost, 
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MORE BUSINESS 
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ProCurve Networking 
download informative reports complete with case studies and cost-o hit HP Innovation 
analysis at www.hp.com/learn/procurve3. 
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Peace of Mind 


Securing the network at 
the edge keeps business 


out of harm’s way 


Lt was Che CEO. ou oie 


stopper” question at a recent executive committee meeting: 
“With all the resources and attention businesses are expending 
on security, why are we still besieged with continuous threats 
from viruses, worms, and hackers?” 

He wasn't overstating the problem. Today an estimated 
100,000 viruses, worms, and Trojan horses pose direct threats 
to network computer users. The cost of system downtime 
stemming from attacks can often be measured in thousands 
of dollars per minute, and the theft of sensitive data carries 
tremendous potential liability. So it’s no wonder security 
remains a top priority for business and technology managers 
alike. 

The truth is that current methods and strategies for secur- 
ing corporate networks often fall short. Many companies use 
virus signature scanning techniques, but these technologies 
alone are not sufficient since they do not detect new forms of 
viruses and they depend on human response. Once in the net- 
work, a virus propagates at machine speed, which is orders of 
magnitude faster than the “human-speed” responses to them. 


WHAT USERS WANT 
Clearly, businesses need a complete solution that truly delivers 
security without compromise to protect networks and the mission- 
critical data that runs over them. A checklist of the features of 
such a solution should include: 
Simplicity for administrators and transparency for users 
¥ Ease of deployment and flexibility 
Y Security built-in and integrated with the hardware, 
not bolted on 
¥ Security at the critical network edge where users connect 
This is exactly what users get, and a lot more, with 
Hewlett-Packard’s ProCurve Networking solutions, engineered to 
move vital network access decisions to the network edge while 
freeing essential network resources to enable the high-band- 
width connections they are supposed to provide. By concentrat- 


ProCurve Networking 


HP Innovation 


ing security at the edge, HP ProCurve further enables support 
for vital network convergence and burgeoning mobile strategies. 
The result is a solution without tradeoffs between ease of use 
and performance versus capability. ProCurve Networking offers 

security without compromise. 

A key and unique element of the ProCurve solution is virus- 
throttling functionality built directly into ProCurve switches. This 
highly effective bulwark against viruses provides detection at 
the network edge based on traffic behavior, not virus signature 
analysis. The bandwidth on the port where the attack is 
detected can be throttled back or the port traffic can be com- 
pletely contained. This functionality gives the IT staff the time 
it needs to first isolate and then eliminate viruses and worms 
before they cause system-crashing damage. 


THE ULTIMATE IN 

NETWORK SECURITY 

Unlike other virus detection technologies, the virus-throttling fea- 
ture does not need preknowledge of specific worms and viruses to 
do its job because virus throttling is behavior-based. ProCurve 
switches with virus throttling can throttle or rate-limit routed 
traffic, or completely block traffic from a suspect client. 

Not all virus attacks come from external sources outside of 
a network. It is increasingly important to protect access to the 
internal network behind the firewall to prevent virus attacks 
and threats to critical systems. Using ProCurve solutions, users 
effectively move security to the network edge, where trouble 
can be resolved before any damage is done to business-critical 
data. ProCurve’s value proposition delivers intelligent security 
with ease of use, without sacrificing performance. 

The bottom line is that with its many unique, powerful, and 
adaptable features, HP ProCurve Networking delivers on the 
core and essential value propositions of high network availabili- 
ty, efficiency, security, ease of use, and open-standards-based 
interoperability. For more information, go to 
www.hp.com/learn/procurve. 
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with dedicated keypads and a one-hand 
usage model. Major improvements al- 
low even the more complex Pocket PC 
devices to be used as passable phones, 
and almost all critical features on the 
Pocket PC devices have been made ac- 
cessible with one hand. This is a crucial 
change from past devices, which need- 
ed two hands to operate them. 

Second, Microsoft has finally 
cracked the often elusive and difficult 
US. carrier market. While the mobile 
platform has been around for a while, 
offerings that included telephony 
weren’t widely available from U.S. car- 
riers. That’s all changed now. Micro- 
soft has product offerings from nearly 
all major carriers in the U.S., so which- 
ever provider you’re using, you're like- 
ly to have the opportunity to choose a 





OPINION 


Windows Mobile offering of some sort. 
In addition, Microsoft is signing more 
licenses, most notably with Palm, 
which will introduce a Windows Mo- 
bile version of the Treo. This bodes 
very well for Microsoft, whose mobile 
technology had often been derided by 
Palm CTO Jeff Hawkins. 

I can’t overstate how big a win this is 
for Microsoft, both from a psychologi- 
cal perspective, as it gets an old rival 
to embrace its platform, and from a 
market-share perspective, as it gets one 
of the most popular mobile devices to 
run Windows. That’s the key to getting 
momentum going for the longer haul. 

Finally, Microsoft and its partners 
have come to the realization that one 
size doesn’t fit all. We will see a multi- 
tude of sizes in the months ahead, in- 





cluding hot designs like the razor-thin 
Q smart phone from Motorola and the 
aforementioned Treo. That means 
users will be able to pick the shape 
that works for them, but more impor- 
tant, IT departments will be able to 
leverage development and support for 
a common platform. 

One thing Microsoft needs to re- 
member is that the buying centers for 
these devices have shifted. Microsoft 
is focused mostly on the business- 
purchase funnel for Windows Mobile 
devices, but in reality a lot of them are 
going to be bought as one-offs by end 
users rather than being purchased 
directly by IT, and these devices are 
going to get both business and person- 
al use. That means other factors be- 
yond just business-level functionality 
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are going to be involved in the pur- 
chase decision. (It’s worth noting that 
in the latest Microsoft reorganization, 
Windows Mobile is no longer in the 
Windows platform group under Jim 
Allchin but is instead in Robbie Bach’s 
group, which focuses on consumer 
products such as the Xbox.) 

If Microsoft and its partners can 


| capitalize on this trend and market the 
| devices’ nonbusiness features, such as 
| digital entertainment, the combination 


of new devices, availability and enter- 
prise compatibility could prove to be a 
winning formula. @ 57068 


WANT OUR OPINION? 


More columnists and links to archives of previous 
columns are on our Web site: 
www.computerworld.com/columns 


AMIAN SMITH’S comments about 

older IT workers in On the Mark 
["Baby Boomers Get Ready for Bed 
While. . .” QuickLink 55983] are sim- 
ple in principle, shallow in understand- 
ing and anecdotal in their assumptions. 

First, today's older IT workers were 
the young IT workers who created the 
applications that run most of today's 
companies. To think that all of this soft- 
ware could quickly be replaced with 
new material of equivalent quality and 
sophistication by younger and inexperi- 
enced talent is disingenuous. 

Second, the idea that younger work- 
ers who are cheaper and work longer 
hours can waltz into an organization 
and develop cutting-edge and bug-free 
software while maintaining current op- 
erations is silly. Experience has proved 
time and time again that you get what 
you pay for. 

Third, today’s young IT workers are 
tomorrow's old ones. Therefore, obso- 
lescence and ongoing maintenance is 
part of IT life. What is truly best for an 
IT organization? A constant flow of not- 
so-loyal, young, green newcomers who 
churn out cheap, sloppy work, or a mix 
of rookies with great ideas and sea- 
soned but flexible, experienced, loyal 
professionals working together? The 
answer is obvious. 

The ideal solution for any IT depart- 
ment is not the wholesale sacking of 
older workers in the name of cost- 
cutting and profit-making, but a mix of 
young and older workers, both learning 
from each other. On the other hand, 
maybe the older technologies could 
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Baby Boomers Bring Needed Experience to IT 


if middle management, upper manage- 
ment and executives were replaced by 
much younger, dynamic workers who 
wouid be willing to work longer hours 
for half of those generally older man- 
agers’ outrageous salaries. 

Phil Steinschneider 

Sterling, Va. 


MITH’S THINKING is common, in- 
correct and exposes a spurious 

correlation. | wouldn't be surprised to 
discover that the ratio of software 
maintenance and support costs to cor- 
porate IT software development costs 
in many corporate IT budgets has in- 
creased over the years, and it may con- 
tinue to grow well into the future. This is 
related to the fact that today fewer and 
fewer corporate IT departments are in 
the software development business. In- 
stead, much of corporate America pur- 
chases software that requires some 
customization and maintenance. 

Blaming corporate IT budget prob- 
lems on experienced and knowledge- 
able IT personnel is similar to blaming 
the high cost of health care on experi- 
enced and knowledgeable heath care 
personnel. Smith's anti-baby-boomer 
model can be applied across all indus- 
tries, so why stop with corporate IT 
departments? 
Kim Crutchfield 
Senior systems programmer, 
Irving, Texas, kcrutchf@vha.com 


HAT KIND OF OUTLOOK is em- 
bedded in phrases like “more ex- 
perienced workers who have higher 


more easily be discarded and replaced | salaries and are less likely to work 





longer than 40 hours per week"? 
Think about it: He's saying only peo- 
ple who work over 40 hours a week 
have value. Just because a worker has 
learned how to work smarter, he’s less 
valuable? How many of the younger 
workers do you see who understand 
any business, much less their compa- 
ny's business? Why would | go to work 
for a guy who publicly says to young 
workers, “Join us now, because we will 
pay you low wages for 10 to 20 years, 
then we will let you go because you will 
have gotten too expensive for us"? 
Steve Comstock 
Founder, The Trainer’s 
Friend Inc., Denver, 
steve@trainersfriend.com 


TIS TRULY AMAZING that Comput- 
erworld would allow Damian Smith 
to spout his politically incorrect, age- 
discriminating blather, which is actually 
a thinly disguised advertising ploy to 
sell storage, and pass it off as a legiti- 
mate op-ed piece. Shame on you! 
Bill Anderson 
Seattie 


HE PERCENTAGE of the IT budget 

spent on keeping the status quo 
functioning versus implementing new 
things is a meaningless measurement. 
If what the business has works, meets 
the business requirements and incurs 
maintenance costs that are a reason- 
able fraction of the entire corporate 
budget, there is no problem. If the busi- 
ness is not being served by the infra- 
structure, then the business needs to 
change it, regardless of the percent- 
ages of the IT budget. 

What counts is not comparative 





rates of spending; it is value to the 
business. 

David P. Vernon 

Tucson, Ariz., vdpphd@qwest.net 


Specialists Must Also 
Talk With Customers 


WAS DELIGHTED to see an article on 
concrete ways to improve software 
quality [“ABCs of Software Methodolo- 
gies,” QuickLink 55497]. But | was dis- 
appointed that the author blamed “a se- 

ries of disconnects and miscommuni- 
cations among the IT specialists.” That 
should have been “among IT specialists 
and their customers.” Customer skills 
and behaviors are just as much a part 
of the problem and solution as IT skills 
and behaviors. 

Though the article does mention 
customers’ involvement later, it's mis- 
leading to imply that if you only get 
smart enough IT specialists, with the 
right training, you can have great soft- 
ware. Great enterprise systems also 
require an evolution in the thinking of 
our customers. 

David Allen 
Minneapolis, 
dallen@csom.umn.edu 


LMAO NE AEE 


CEOs Are Limited in 
Effects on Operations 


EOs HAVE very little ability to im- 

prove ongoing operations, but they 
can certainly make mistakes that have 
great negative effects (“CEOs Are Fak- 
ing It, Stanford Professor Says,” Quick- 
Link a7070). Similarly, top manage- 





ment's financial performance should 
not be judged by the results from ongo- 
ing operations. It should be judged by 
the extraordinary charges. 

Milton Anderson 

Fair Haven, N_J. 


Not All User Groups 
Are in Bad Shape 


HILE ONE always hates to see a 

user group disband, one should 
not infer from Patrick Thibodeau’s arti- 
cle [“HP World Canceled; Interex Dis- 
banding,” QuickLink 55630] that ail 
user groups are in bad shape. Share, 
the user group for enterprises focused 
on IBM systems, celebrated its 50th an- 
niversary this summer and continues to 
be an organization that educates users 
and works closely with IBM and ISV 
management to help users and vendors 
come together to provide needed solu- 
tions for businesses. 


| Robert Rosen 


President, Share Inc., 
Bethesda, Md. 


COMPUTERWORLD welcomes 
comments from its readers. Letters 
will be edited for brevity and clarity. 
They should be addressed to 
Jamie Eckle, letters editor, Computer- 
world, PO Box 9171, 1 Speen Street, 
Framingham, Mass. 01701. 
Fax: (508) 879-4843. 
E-mail: letters@computerworld.com. 
Include an address and phone number 
for immediate verification. 

For more letters on these and other 


topics, go to 
www.computerworld.com/letters 
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an Total project cost: $350 million 
| Seated ete Walenplopere 1500 a 
Center conmonien 
Qn ata Speci ests arts: 400 
REPORT Glance Amount of data generated for average film project: 


30TB (120TB for Star Wars: Episode ll!) 
Reparentee oy 


Primary data center: 13,500 square feet 
Render server farm: 3,000 processors on 1U (1.75 in. high) and blade servers 
| Media data center: 3,000 square feet 
| Storage: 1467B, including 68TB of NAS and 78TB of near-line storage 
Network: 340-port, 10Gbit Ethernet backbone, 1Gbit to the desktop; more than 600 miles of cable run 
| through 18-inch raised floors throughout the campus 
| Telephony: Voice over IP on physically isolated network 
| Building security: Srnart card readers and video monitoring systems on physically isolated IP network 


S IT RUSHED TO COMPLETE work on Star Wars: Episode III — 
Ace of the Sith last February, special effects company Indus- 
trial Light and Magic found itself split between two worlds. The 
new home of the San Rafael, Calif.-based studio was in the final phase 
of construction as part of the Letterman Digital Arts Center (LDAC), a 
850,000-square-foot, four-building campus in San Francisco’s Presidio 
National Park. Two of 
those buildings today 
serve as headquarters for 
George Lucas’ Lucasfilm 
Ltd. as well as its ILM 
and LucasArts Entertain- 
ment Co. subsidiaries. 


ILM had been given re- 
sponsibility for moving 
IT operations for all 
three business units. But 
Chief Technology Officer 


Cliff Plumer was also in 


an enviable position. His group had a rare 
opportunity to create an IT infrastructure, in- 
cluding new data centers and the network, from the 
ground up. 

That February, however, ILM didn’t have the proc- 
essing power in its overcrowded data center in San - A 
Rafael to finish rendering all of the movie frames on 3 + . 
time, and it didn’t have the space for more servers. Lucasfilm S new data center has the artists behind 
Bringing down the 2,500-processor server farm to 3 4 2 . 
move it would have had a huge impact on operations, Star Wars special effects working at light speed. 
since it runs 24 hours a day, says Plumer. s 

Keeping Star Wars fans waiting was not an option, By Robert L. Mitchell 


Continued on page 27 


CLIFF PLUMER got a rare chance at ILM to create an IT ar ERE CUBR eevee tO 
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Initial planning for the migration planning began in 2000. The move began in February 2005. 


LucasArts and ILM IT groups merge. 
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New data center goes live with installation of a 500-processor blade server farm. 
Industrial Light and Magic begins rendering across 10Gbit/sec. fiber link connect- 
ing two data centers. Systems begin migrating into new space. 


would expect for a high-tech special 
effects and movie production compa- 
ny. There are no signs, and even at the 
main entrance, hidden behind plant- 
ings, the only indication of who occu- 
pies the buildings is a statue of Star 
Wars character Yoda atop a fountain. 
Inside, everything is state of the art. 
The multistory buildings include a 
13,500-square-foot data center, 18-inch 
raised floors that accommodate more 
than 600 miles of network cabling, and 


Continued from page 23 
so ILM bought an additional 250 dual- 
processor blade servers, installed them 
in the new data center at the LDAC 20 
miles away and connected them into 
the render server farm in San Rafael by 
way of a 10Gbit/sec. fiber-optic link. 
Today ILM resides in a quiet setting 
with views of the Golden Gate Bridge. 
From the outside, the style of the build- 
ings is more in keeping with the former 
Army base’s heritage than what one 


SPREADING 
THE STORAGE | 
LOAD 


WITH A TYPICAL MOVIE today generating an : 
average of 30TB of data - Star Wars: Episode : : 
lif generated 120TB ~ storage is a critical : SpinFS, was acquired by NetApp last year. But 
component of ILM’s IT infrastructure. But ? the vendor is improving the product to work 
after moving from Silicon Graphics Inc. multi- : with its own Write Anywhere File Layout tech- 
processor workstations to Linux-based servers : nology. The new version, dubbed Data OnTap 
for rendering movie frames, ILM ran into seri- : NG, is due out by year’s end. 
ous disk I/O performance issues with itsnet- : ILM has also moved to a more hierarchical 
work-attached storage (NAS) systems. : model for storage, complementing its NAS and 
“We used to have big, 32-way machines: tape library storage systems with NetApp 
that could process 32 frames of the same shot : NearStore devices that provide 78TB of rela- 
with one pull of the data into memory,” says tively cheap near-line storage based on Ad- 
ages ILM’s networked storage. The company : ogy. “Thirty percent of the storage is for shows 
migrated to dual-processor Linux servers, ? that are done,” Thompson says, but it takes 
which were fast and cheap. But while the : time after a show wraps for the artists to clean 
32-way multiprocessor system pulled the data : up the files and get them ready for off-line 
archiving. 


across the network and into that system once 
to render 32 shots, each of the 16 Linux Near-line storage provides a quick way to 
servers had to retrieve its own copy of the get the data off primary storage. Access is 
data. That meant pulling 16 times the data slower but still adequate. “It’s a parking lot for 
across the storage network to do the same low-throughput data,” Thompson says. 

ILM’s near-line devices use the same virtual 


nin tae 
namespace as Ce rest of ILM's NAS. That in- 


creases the efficiency of storage utilization 
while allowing files to be rapidly and transpar- 
ently shuttled over when a show wraps, 
- Thompson says. It also acted as a temporary 
storage space as the company moved the bulk 
of its NAS arrays into its new headquarters. 
‘Thompson also hopes to add virtual tape 
libraries, which function like traditional tape 
libraries but use inexpensive ATA disk arrays 
as.a cache. The arrays act as a buffer, holding 


: mon namespace, ILM could manage the total 
: storage pool more efficiently. “You can only 
: una filer so full. We were at 80% [utilization} 
: before. Now we can run at $3%,” Thompson 
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Bulk of data center equipment moves in along with 
270 ILM artists and staffers. Move is half-completed. 


LucasArts staff moves in. 
Near-line storage migrates to the new data center. 





- 


Lucasfilm and back-office systems move in. — 


a 3,000-square-foot media data center. 
The latter is capable of simultaneously 
delivering high-definition video to re- 
mote clients and to several in-house 
viewing spaces. 

The main data center includes a 
3,000-processor server farm, approxi- 
mately 1SOTB of network-attached 
storage and a 10 Gigabit Ethernet back- 
bone that may be the largest built by 
any company to date. It has some 340 
10Gbit ports and supports traffic loads 
of 130TB per day. Power and cooling 
systems sit in two adjacent rooms, 
which Plumer says helps to keep main- 
tenance traffic out of the data center. 


Going Live 

Getting moved wasn’t easy. The data 
center was ready to go back online in 
February when the new servers and 
other equipment arrived at the LDAC. 
The IT staff had already moved in, be- 
coming the building’s first tenant. But 
the rest of the building was far from 
finished. “We had to wear hard hats 
and goggles” during those first weeks, 


WHAT EVERY 





along with remaining ILM staffers. 


recalls network engineer Mike Runge. 
With all the construction, finding a 
place to store equipment shipments — 


| dual-Opteron Titan64 Superblades 


from Angstrom Microsystems Inc. and 
networking gear from Foundry Net- 
works Inc. — was tough. “It was hard to 
find a room that would lock and be free 
of dust,” Runge says. Once the equip- 
ment was unboxed, however, the instal- 
lation took Angstrom technicians just 
two hours, says Lalit Jain, Angstrom’s 
CEO. 

“Within seconds of powering [the 
servers] up, they were processing an 
image,” Plumer says. Since then, the 


| rest of the data center equipment has 
} moved over. The bulk of it arrived in 


mid-August, when ILM’s 400 artists and 
other staffers began moving in. 
ILM’s move is part of a corporate 


| consolidation that also includes video 


game maker LucasArts as well as Lu- 
casfilm. Some 1,500 people work in the 
new facility. 
Moving LucasArts and Lucasfilm was 
Continued on page 29 
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“Computerworld’s approach of using 

real-world testimonies is really the key. If | 
wanted a vendor opinion, I’d call a vendor up ... 
so when | see my peer talking about security 
challenges and when | see my peer talking about 
technology innovation, it has much more weight.” 


Steve Bandrowezak, VP CIO, DEL Express 
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THE VOICE OF IT MANAGEMENT ))) 
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Continued from page 27 

fairly straightforward, says Kevin Clark, 
director of IT operations. ILM was more 
difficult. “The infrastructure is much 
more complex,” he says. 


Net Gains 


The LDAC project gave Plumer’s team 
a unique opportunity to rebuild its IT 
infrastructure from scratch. The team 
started by interviewing users on their 
needs, says Gary Meyer, systems engi- 
neer and project manager. From there, 
a narrative description of the technical 
infrastructure was developed and giv- 
en to the design teams. 

“The biggest key is the networking 
infrastructure,” says Plumer. 

“This industry tends to be a good 10 
years ahead of general business in 
terms of critical network-capacity 
needs and capability,” says Rob Ender- 
le, principal at Enderle Group in San 
Jose. ILM “will probably be passed rel- 
atively quickly, given [that] this need 
crisscrosses their industry.” 

The architecture consists of three 
networks: one for a new voice-over-IP 
telephone network and two separate 
10Gbit network cores. One is for video 


in the media data center, and the other 


is for the main data center, which han- 
dles the render server farm and back- 
end business systems. A 10Gbit fiber 
backbone runs from the data centers 
to each building and out to the distrib- 
ution closets. All employees now have 
1Gbit/sec. connections, up from 
100Mbit/sec. in the old facilities. ILM 
also pulled fiber to each artist work- 
station. “Putting the fiber in gives us 
the ability to go to 10 gigabits or 
greater to the desktop,” Meyer says. 
Meyer won't be surprised if ILM’s 
artists max out their ]Gbit connections 
within a year. Between downloading 
very large files and streaming high- 
definition video to the desktop, they 
could start to fill up the pipe, he says. 
Those kinds of anticipated band- 
width demands resulted in very strict 
requirements for network equipment, 
says Runge. “We spent months doing a 
bake-off between several vendors,” he 
says. Foundry wen because it dropped 
the fewest packets — a critical metric 
for an organization that needs to run 


multiple high-definition video streams. 





MANAGING CHAOS 


How ILM's IT staff managed a move of users’ 
workstations and IT equipment into a new building: 


QuickLink 56599 


High-Visibility Storage: How ILM handled its 
storage needs as it migrated data: 


QuickLink 56879 
www.computerworld.com 
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While the new buildings gave 
Plumer a blank slate for a new data 
center, the need for more space wasn’t 


the biggest issue. “It’s more about pow- | 


er and cooling,” he says. During the 
data center’s design phase, heat and 
power-density requirements for IT 
equipment rose faster than anyone ex- 
pected. The original design called for 
200 watts per square foot. 

“Partway through the process, we 
threw up a flare and said, ‘We think 
we’ve made a mistake. We think we 
should design for 400 watts per square 
foot.’ And we were basically laughed 
out of the room,” says Meyer. Today, 
the room supports 330 to 340 watts per 
square foot and could easily consume 
400, he says. 

One major reason for the increase 
was the server farm used to render 
movie images frame by frame. As ILM 
has adopted blade servers, power den- 
sity has gone up from 10 kilowatts per 
rack a few years ago to nearly 20 kilo- 
watts for its blade servers today. ILM 
adjusted the original data center design 
but still has had to spread out blade 
servers to dissipate heat. “It’s a con- 
stant job of balancing the room,” 
Plumer says. 


Data on the Move 

Handling storage needs during the 
transition was another challenge. ILM 
had 18 Network Appliance Inc. R200 
filers connected to 68TB of storage in 
San Rafael. Those arrays needed to be 
online around the clock in order to 
feed files to the render server farm. 

ILM was also using SpinFS from 
Spinnaker Software Solutions, a dis- 
tributed file system that virtualizes 
storage and establishes a single, uni- 
fied namespace that all of the filers 
use. SpinFS eliminated a performance 
bottleneck that resulted when many 
machines in the render farm requested 
the same data at the same time. 

ILM uses the technology to distrib- 
ute the data across multiple disk arrays, 
says systems developer Mike Thomp- 
son. ILM also used it to migrate data 
between San Rafael and the LDAC. 

Thompson added another 78TB of 


near-line storage and deployed another | 


10 R200s running SpinFS in the LDAC. 
Then he connected them over the 
10Gbit link to the arrays in San Rafael. 
“No matter which [end] you are on, 
you see all the storage,” he says. Using 
the near-line storage as a buffer, 
Thompson pulled arrays out of the 
storage pool in San Rafael and recon- 
nected them in the LDAC without dis- 
rupting operations. It’s now used as a 
place to store completed projects until 





the data is ready for migration to tape. 

Once the last staffers and equipment 
from the three organizations are finally 
moved in, the data center will be at 
about 60% of capacity, Plumer says. 
The infrastructure design, as deployed, 
is supposed to last five years. Already, 
however, the IT staff is anticipating 
new needs. 

“We're migrating production to 64- 


CONSOLIDATION 
OF CULTURES 


MOVING ILM, LucasArts and Lucasfilm into a 
single building allowed for greater IT efficien- 
cies, but different IT architectures and cul- 
tures needed to be merged as well. 

The process of combining the organiza- 
tions’ 1,500 employees began with the two IT 
groups, which merged as the project started. 
The business units have very different cul- 
tures and take different approaches to IT, 
says Kevin Clark, director of IT operations. 
While LucasArts tends to use available IT 
products, ILM develops more of its own tools 


in-house. “We have to do a better job partner- : 
: ple, is now officially Microsoft Exchange 
: Server. 


ing with R&D and engineering to support 
those [in-house tools},” Clark says. 

“It’s difficult. We're still going through 
some growing pains,” he says, as the con- 


verged group learns to support the IT systems : 


used by both businesses. 
One challenge, for example, has been to 


VIDEO VOICE DATA 
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bit,” says Plumer, which means swap- 


| ping out older servers for units with 


dual-core Opteron processors. And the 


| film industry could be moving to 4K 


frames, which would double the stor- 
age requirements. 

“We'll stay at 68TB for a year or 
two,” Thompson predicts. “But as 


| shots get more complex ... it’s hard to 


tell.” @ 56362 


\ 


: properly set expectations in an environment 
: where most IT equipment is used for produc- 
: tion and every failure is considered a crisis. 
: “When things aren't working, there’s a real 
> urgency to get them addressed,” Clark says. 
? But IT still must prioritize. “I'll be enforcing 
: how we set expectations within those pro- 
? duction units,” he says. 


The co:npanies also use different desktop 


: and server systems. “LucasArts is Windows- 
: based, and ILM is Linux-based, right down to 
: the desktop. Just bringing that together - 

? there were a lot of challenges,” Clark says. 


While the end-user environment remains a 


: hybrid, some back-end systems have already 


consolidated. The e-mail system, for exam- 


: “We'll start to focus next year on service lev- 


els and trying to weigh what's most critical,” 
- Robert L. Mitchell 
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Congratulations to this 
year’s “Best Practices” 
Award Recipients! 


The “Best Practices in Business 
Intelligence” Award Recipients 
were honored Wednesday, 


September 28th. 


Computerworld’s Business Intelligence Perspectives proudly 
presents the second “Best Practices in Business Intelligence” 
Awards Program, honoring top IT user “best practice” case studies 
selected from a field of qualified finalists. 


COMPUTERWORLD 
BUSINESS INTELLIGENCE PERSPECTIVES 


Best Practices 
IN BUSINESS INTELLIGENCE 


AWARDS PROGRAM 


AWARDS PROGRAM EXCLUSIVELY SPONSORED BY 


ORACLE 


Award Recipients in each of the following categories are: 


Creating a BI Vision and Strategies 
for Improved ROI 


Data Visualization, Prediction and 
Presentation by Leveraging 
Customized Solutions 


information Retrieval and Reporting 
by Leveraging Off-the-Shelf 
Enterprise Software 


Managing and Enhancing 
BI Applications and Infrastructure 


Planning, Designing and Building 
the BI Infrastructure 


Award Recipients: 
¢ Bacardi U.S.A. Inc., Miami, Florida 
* Hospital Corporation of America (HCA, Inc.), Nashville, Tennessee 


Award Recipients: 
¢ APEX Management Group, Princeton, New Jersey 
¢ JPMorgan Chase, New York, New York 


Award Recipients: 


* Communications Electronics-Life Cycle Management Command Acquisition 
Center, Fort Monmouth, New Jersey 


¢ Intermountain Health Care, Salt Lake City, Utah 


Award Recipients: 
¢ AT&T, Middletown, New Jersey 
¢ University of Minnesota, Minneapolis, Minnesota 


Award Recipients: 
¢ Amgen, Inc., Thousand Oaks, California 
¢ Export Development Canada (EDC), Ottawa, Canada 
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RESEARCHERS AT MIT have mapped a full dynamics of a city in real time,” says project 

city in real time by tracking tens of thousands of © leader Carlo Ratti, an architect/engineer and 

people traveling about carrying cell phones. head of MIT's Senseable City Laboratory. “This 
Using anonymous cell phone data provided | opensup new possibilities for urban studies 

by Austrian cell phone operator A1/Mobilkom, and planning. The real-time city is now real.” 

the researchers developed the Mobile Land- The research could also have implications 

scapes project, creating electronic maps of cell | foruse in large-scale emergencies and for 

phone use in the metropolitan area of Graz, transportation engineers seeking ways to bet- 

Austria's second-largest city. ter manage freeway traffic, according to Ratti. 
The project used three types of daia - 

the density of cell phone calls, the origins and 

destinations of the calis, and the positions of 

users tracked at regular intervals - to create 

computer-generated images that can be 

overlaid on one another and with geographic 

and street maps to show the peaks and 

valleys of the landscape as well as peaks in 

cell phone use. 


A STROLL THROUGH THE TECHNOLOGY LANDSCAPE ices sect mentee goa 
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ScalaBlast is asophisticated “sequence align- | | PNNLresearcherssayScalaBlast may be used 
One Genome ment tool” that can divide the work of analyzing bio- | to process complex genomic sequences - work 
sg * logical data into manageable fragments so that | that’s essential to understanding the building 
Comin Right Up large data sets can run on many processors simul- blocks of genomes and how they work and fit to- 
taneously. With this technology, large-scale prob- gether. Genomes represent an organism's entire 
Anew computational tool developed at the U.S. lems - suchas the analysis of an organism-canbe | DNA, includingits genes. 
Department of Energy's Pacific Northwest National | solvedin minutes, rather than weeks. Before ScalaBlast was available, it took re- 
Laboratory (PNNL) is speeding up our understand- In order to get answers to complicated biological | searchers 10 days to analyze one organism. 
ing of the machinery of life - which could bring questions more quickly, researchers at the PNNL Now, they can analyze 13 organisms in nine hours. 
researchers one step closer to curing diseases, “parallelized” the software using the powerful Glob- | @ 56880 
finding safer ways to clean the environment and al Arrays programming tool kit to create algorithms : een 
protecting the country against biological threats. to divvy up the work. Page compiled by Tommy Peterson. 
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TECHNOLOGY THAT GETS YOU 
“EVERYTHING'S 


IBM eServer xSeries 226 Express 
An entry-level 2-way server that 
offers the reliability and 
performance needed for day-to- 
day computing. Easy to set up 
and deploy, with access to all 
major system components. 


System features 


$1,639** 


(Other configurations as low as $1,229) 


IBM Financing Advantage 


$46 


IBM eServer xSeries 346 Express 


Help maximize performance and 
improve availability in a rack 
dense environment with 
Xtended Design Architecture” 
Includes Calibrated Vectored 
Cooling, an IBM innovation that 
helps increase uptime. 


System features 

Up to two Intel® Xeon™ 
Processors 3GHz/2MB 

Two-way 2U rack server 


Up to 16GB DDR2 memory 
using 8 DIMM slots with 
enhanced memory 


Limited warranty 
3 years on-site 


$3,315** 
(Other configurations as low as $2,219) 


IBM Financing Advantage 


$93 


IBM TotalStorage DS300 Express 


IBM eServer xSeries 260 Express 


IBM's newest third-generation 
Enterprise X-Architecture’ 
server. Designed for companies 
looking for database, e-mail, 
Web/e-commerce or consolidated 
application serving. 


System features 


Up to four 64-bit Intel” Xeon™ 
Processors MP, up to 3.66GHz 

Four-way tower or 7U rack 
capability 

Up to 3.6TB hot-swappable 
SAS (serial attach SCSI) 
hard disk storage 

Up to 64GB of memory with 
advanced memory protection 


Limited warranty: 3 years on-site 
$5,399°* 
(Other configurations as low as $4,599) 


IBM Financing Advantage 
$151 | 


System features 


This entry-level, cost-effective iSCSI host- 
attached storage system utilizes your existing 
network infrastructure to deliver advanced 
functionality. Provides an exceptional SAN 


storage solution with xSeries servers for 


e-mail/file/print. 


$6,455°* 
(Other configurations as low as $2,995) 


“ 


IBM eServer BladeCenter HS20 Express 


Offers extreme flexibility anc 
scalability, plus it helps to 
consolidate and simplify your 
infrastructure. Helps reduce 
power consumption and save 
valuable floor space. 


System features 
s 3.20GH2/2MB 
Up to 14 blades per chassis 
Supports both 32 
and 64-bit applications 
IBM Director 
Limited warranty 


3 years on-site 


$2,899** 
(Other configurations as low as $1,669) 


IBM Financing Advantage 
$81 


ted warranty: 1 


site 


IBM Financing Advantage 
$180 





USED TO SAYING: 
UNDER CONTROL’ 


IBM Express Servers and Storage™ for mid-sized business. 


Know an |.T. person who doesn’t like to hear that “everything’s under control”? 
We don’t. That’s why we offer an innovative management tool called IBM 
Director that can alert your |.T. people to potential problems up to 48 hours in 
advance! 


And our Calibrated Vectored Cooling on select xSeries® servers helps cool your 
systems more efficiently. Packing more servers into a single rack. Helping to 
save space, energy, money. 


With IBM Express, innovation comes standard. That's true for servers, storage 
and printers. Your local IBM Business Partner can tell you more. And remember, 
you can keep your technology current while helping to reduce costs — through 
IBM Global Financing. 


Excited? No need to control yourself. Get started today. 


Save time. Save costs. Save the day! (Optimize your I.T.) 


ibm.com/systems/innovate1 
1 800-IBM-7777 = mention 104CE04A 





IBM TotalStorage DS400 Express System features 


Exceptional entry-level solution for workgroup 3U rack mount entry-level with up to Starts at 584GB / scales to 12TB* 
storage needs. With advanced functionality, two controllers 

the DS400 supports xSeries servers and 2GB Fibre Channel storage systems Limited warranty: 1 year on-site? 
utilizes hot-swap Ultra320 SCSI drives for area network (SAN) 

high reliability. 





From $8,495** IBM Financing Advantage 
(Other configurations as low as $4,995) Only $237 per month” 





34 COMPUTERWORLD October 3, 2005 


TECHNOLOGY 





Podcasting 


DEFINITION 


Podcasting is a method of publishing audio broadcasts via the 
Internet in which users subscribe to an automatic feed of new 
files for subsequent downloading to and playback on portable 
music players or PCs. Podcasting differs from other types of 
online media distribution in that it’s organized on a subscription 
model, using automatic feeding mechanisms (typically RSS) to 
deliver enclosed files. 


BY RUSSELL KAY 
HEN Apple Comput- 
er Inc. introduced 
its handheld music 
player, the iPod, in 


Podcasts range in format 
from crude, bloglike individ- 
ual diaries featuring personal 
rants and ramblings to slick, 
professionally produced inter- 


2001, few anticipated that it views and discussions and re- 
would spawn —- and even give | distributed programming from 


its name to — anew 

public medium for in- 
formation dissemina- 

tion. But in little more 

than a year since it 

first hit national con- 
sciousness in the fall 

of 2004, podcasting has be- 
come a significant channel for 
distributing audio materials. 

Podcasting marks both the 
expansion of radio/audio pub- 
lishing (with video likely to 
join them soon) into a pop- 
ulist, subscriber-based medi- 
um and the freeing of such 
programming from the stric- 
tures of real-time listening. 

Podcasts started out as 
short bits from individual 
bloggers. Today, podcasts are 
available from many commer- 
cial broadcast and publishing 
concerns, including newspa- 
pers, television networks, Na- 
tional Public Radio, the BBC, 
magazines and various other 
informational Web sites. 

The term itself, made by 
combining “iPod” and “broad- 
casting,” encompasses three 
distinct elements: 


1. PROGRAMMING: Podcasters 
create audio programs, usually 
in the form of MP3 files, 
which they upload to Web 
sites. Anyone with a computer 
and a microphone can now 
create audio programming. 


un 





commercial and public 
broadcasting organiza- 
tions. The subjects of 
NY) podcasts cover the 
gamut of human inter- 
est and experience. 


2. PUBLICATION AND SUBSCRIP- 
TION: This takes place via Web 
sites that index and facilitate 
the finding of and subscrip- 
tion to podcasts according 

to subject matter, source, 
creator, metadata tags and 
other criteria. Podcasting dif- 
fers from other types of online 
media distribution in that it’s 
largely organized on a sub- 
scription model, using auto- 
matic feeding mechanisms 
(such as RSS or Atom; see 

the QuickStudy at QuickLink 
46266) to deliver files to 
audiences. 

In addition, a number of 
Web sites now catalog thou- 
sands of available podcasts, 
which the user can download 
or subscribe to with a simple 
click. 


3. PLAYBACK: A user simply 
downloads a podcast to his 
computer and subsequently 
transfers it (often automatical- 
ly) to an iPod or other music 
player for listening to at his 
convenience and not the 
broadcaster’s schedule. VCRs 
and then TiVo liberated televi- 





sion viewers from having to 
adhere to broadcasters’ sched- 
ules. Now, podcasting has 
extended such capability to 
mobile players for audio and 
radio programming. 

Access is simplified by sub- 
scription and by the automatic 
transfer of downloaded pod- 
casts from a computer to a 
portable music player when 
the player is docked. 


Origins 

Blogging software and the au- 
tomatic feed mechanism RSS 
first came together in 2001, 
when Adam Curry, Tristan 
Louis and Dave Winer added 
the ability to enclose elements 


www.computerworld.com 











to Winer’s Radio Userland 
weblog aggregator. 

In 2003, Stephen Downes 
began aggregating and distrib- 
uting audio files in his Ed 
Radio site (www.downes.ca/ 
ed_radio.htm), and talk-show 
host/journalist Christopher 


| Lydon started publishing on- 


line audio interviews (http:// 
blogs.law.harvard.edu/lydon). 

In August 2004, Curry, a for- 
mer MTV video jockey, began 
distributing a daily MP3 audio 
blog, “The Daily Source Code.” 
Curry now offers a number of 
podcast-related resources on- 
line and on-air, including 
“Adam Curry’s PodShow” on 
Sirius Satellite Radio and the 
iTunes PodFinder guide to 
podcasts. 

Curry also created iPodder 


| (http://ipodder.sourceforge. 


net), which was the first pod- 
casting aggregator. 

The term podcasting evi- 
dently first appeared in a Feb- 
ruary 2004 article by Ben 
Hammersley in the British 
newspaper The Guardian. By 
October 2004, detailed how-to 
podcast articles had begun to 
appear online. 

Podcasting has taken off 
faster than many other phe- 
nomena. In 2004, blogger and 
technology writer Doc Searls 
(http://doc.weblogs.com) start- 
ed tracking the number of ref- 





erences to podcasts found by 
Google Inc. On Sept. 28, 2004, 
there were 24 hits. Five days 
later, that number was up to 
2,750, and it was over 100,000 
in three weeks. As this para- 
graph is being written in Sep- 
tember 2005, Google returns 
56,900,000 hits. 

In June 2005, Apple an- 
nounced support for podcasts 
in its iTunes software, with 
distribution through its iTunes 
Music Store. Within two days, 
customers had subscribed to 
over 1 million podcasts from 
Apple’s then-available 3,000 
selections. 

At this writing, iTunes 
offers 8,828 distinct podcast 
sources, while www.podcast. 
net lists 11,552 choices. 

@ 56922 


Kay is a Computerworld con- 
tributing writer in Worcester, 

Mass. You can contact him at 
russkay@charter.net. 


PERSONAL PODCASTING 


For a primer on how you can start using 
podcasts, go to our Web site: 


Qe QuickLink 57099 


www.computerworld.com 


Are there technologies or issues you'd like 
te learn about in QuickStudy? Send your 
ideas to quickstudy@computerworld.com 


To find a complete archive of our 
QuickStudies, go online to 
@computerworld.com/quickstudies 


Purposes for Podcasting 


With its subscription and search-engine-aided distribution, podcasting is a fine example of niche marketing to specialized 
audiences and interest groups. From its initial use by individuals to create their own “radio” programs or audio blogs, pod- 
casting is now used for a number of purposes, including the following: 


® As a means of avoiding regulation from bodies such 
as the U.K.’s Office of Communications or the U.S.’s 


1 As a way to provide public access to government 

Officials, candidates and political parties, and as a 
disseminating information and propagan- 

da and working around government control. 


saneeneereneerneeasananceserearssenaaseeanene, “ 


vehicle for 


cetanenennensncenessecnnaneeserenvens: 


® As an outlet for publishers and broadcasters to dis- 
tribute audio to supplement news and entertainment 
| stories and programs. For example, TV producer Ron 
Moore has created commentary pedcasts for each 
| new episode of the SciFi Channel's Battlestar Galac- 


1 As a means of spreading religious messages and 
sermons (sometimes called Godcasts). Religion and 
oe 


spirituality is the 
Apple's podcast listings, 


AOAEPS ON ORE OTeeAE ee eESstEOLT IO AESAOEAEAPESODEAOE EASON ESSE OREESAROEEEE SHG ADENORSE EEO EEEEE 


gaat 


(www.scifi.com/battlestar/downloads/podcast). 
Other TV shows have since set up similar podcasts. — 


stunenenenseneaceneneun: seurasenensenanenceneneenansnsanannenansesarenserenerens®: 


= As a means of circumventing mainstream media. 
The 5,500 locked-out editors, journalists, techni- 
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Playing Nice With 
Physical Security 


There’s a fine line between a company’s 
security departments, and you have to be 
careful in crossing it. By Mathias Thurman 


T ASMALL COMPANY, 
the information securi- 
ty manager is some- 
times also responsible 
for physical security. At very 
large corporations, the physi- 
cal security — sometimes 
called safety and security — is 
a completely separate depart- 
ment, responsible for hard- 
ware such as biometric ID or 
badge systems, security cam- 
eras and the manage- 
ment of guards. Safe- 
ty and security de- 
partments handle 
investigations of 
physical breaches, 
such as theft, and 
workplace violence. 

Typically, the managers and 
staff assigned to the physical 
security department have 
completely different back- 
grounds from their counter- 
parts in information security 
and have a different set of 
skills. One group deals in 
things like the Reid interview 
technique, proximity device 
criteria and perimeter securi- 
ty, and the other in things like 
routing, Unix administration, 
buffer overflows, span ports 
and rogue access points. In 
short, these two staffs speak 
different languages. 

Don’t get me wrong — in- 
formation security and physi- 
cal security must work side 
by side. In my case, I will be 
working very closely with the 
physical security manager on 
many of the intellectual prop- 
erty initiatives I’ve been asked 
to tackle. We’ve already devel- 
oped a strong relationship, 
but in every organization big 
enough to have separate secu- 
rity departments, it’s neces- 
sary to draw a line in the sand. 
For some companies, the line 
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is thick and definitive, while in 
others, it’s very thin. But in ei- 
ther case, when you cross the 
line, you can create problems 
for the guy on the other side. 
As I’ve mentioned in previ- 
ous installments, I recently 
took a position as the informa- 
tion security manager at a fair- 
ly large company. Prior to my 
arrival, there hadn’t been a 
| information securi- 
ty manager on staff 
for almost a year. In 
the interim, infor- 
mation security re- 
sponsibilities were 
absorbed by other 
departments. It was 
sensible and appro- 


| priate that the Unix team, net- 


work engineering and the help 
desk took on many traditional 


| information security roles and 


responsibilities. And since 
there was no official point of 
contact for information secu- 
rity initiatives, the physical se- 
curity manager took it upon 


| himself to research a method 
| to monitor employees’ activi- 


ties while they were logged 
into their workstations. 

He did some research on the 
Internet and made some calls 
to colleagues. After that, he 
coordinated several rounds 
of vendor presentations and 
demos before finally funding a 
pilot program involving the in- 


In short, these 
two staffs speak 
different languages. 





| stallation of Digital Guardian 
| from Verdasys Inc. in Waltham, 


Mass., on several desktop com- 
puters within the company. 
Digital Guardian, which can 
be installed either covertly or 
overtly, provides the ability to 
monitor a user’s activity per a 
defined policy. The product 
can also be leveraged to con- 
trol a user’s desktop. 

When properly deployed, 
Digital Guardian lets you log 
activities that traditional 
intrusion-detection systems 
might not be able to detect. 
For example, it can monitor 


user 


| activities related to the copy- 


ing of data to external media. 
Products like this can address 


| internal investigations and fill 
| in the gaps that can be left be- 


hind by other technology for 
protecting intellectual proper- 
ty. But make note of that 
“when properly deployed.” 


Deployment Planning 
Deployment isn’t as simple as 
merely installing software and 
then monitoring users’ activi- 
ties. When you’re dealing with 
software that can affect many 
employees and must be in- 
stalled on many desktops and 


| laptops, proper planning is 
| essential. 


In this case, the technical 
elements of the deployment 
were somewhat lacking, and 
now I have to deal with the 
ramifications. For example, 
the application will need to 


| be tested on multiple desktop 


configurations. We have a 
worldwide presence that ne- 
cessitates the support of mul- 
tiple languages, and we also 


| have to be wary of all sorts of 


third-party applications that 
may conflict with the product. 
In addition, we're going to 
need to train the help desk to 
deal with issues that may 
arise. Roles and responsibili- 
ties of various parties have to 
be defined, the support struc- 


| and policies have to be 








ture has to be established, a 
rollout plan has to be devised, 
man- 
aged. We have to understand 
the relationship between the 
management server, which is 
responsible for managing poli- 
cies and collecting logs, and 
the individual agents, which 
reside on each user’s worksta- 
tion. Are there bandwidth is- 
sues that the network team 
might need to know about? 
Ports that need to be opened 
on the firewall? Redundancy 
issues? Fail-over considera- 
tions? Storage requirements? 
Fundamental documentation, 
such as test plans, architecture 


| diagrams, project plans and 


timelines, weren’t created. 
Now that we’ve begun to 
address these matters, things 
seem to be going well, and I 
have high hopes for the 


prod- 


| uct’s use in our environment. 


But if this isn’t tested properly, 
and if the underlying support 
infrastructure isn’t defined, 
the project could fail. 

Also, that line between in- 
formation security and physi- 


| cal security needs to be de- 


fined and clearly understood. 
Rogue access-point detec- 
tion is a perfect example. As 


| the information security man- 
| ager, I’m responsible for de- 


ploying the technology that 
will be used to identify the in- 
stallation of unauthorized 
wireless devices within the 
company. However, entering 
an employee’s office or dealing 


with an employee directly to 


obtain the access point will fall 
under the physical security de- 
partment’s responsibilities. 

Another example is data 
forensics. We are in the 
process of purchasing soft- 
ware for that, and we may set 
up the process so that physi- 
cal security will image the 
drive while information secu- 
rity conducts the actual foren- 
sic investigation. D 


WHAT DO YOU THINK? 


This week's journal is written by a reai secu- 
rity manager, “Mathias Thurman,” whose 
name and employer have been disguised for 
obvious reasons. Contact him at mathias_ 
thurman@yahoo.com, or join the discussion 
in our forum: QuickLink a1590 


To find a complete archive of our 
Security Manager's Journals, go online to 
@ computerworld.com/secjournal 
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NAR TARY 
Security Bookshelf 
Rootkits: Subverting the Win- 
dows Kernel, by Greg Hoglund 
and Jamie Butler (Addison- 
Wesley Professional, 2005). 

| picked up this book because 


rootkit titles 
that focus on 
the Windows 
environment. 
I'm glad | did. 
The book has 
excellent techni- 
cal explanations 
of security is- 
sues such as 
subverting Windows in order 
to deploy rootkits and execute 
other types of malicious code. 
Some parts were a little over 
my head, but | enjoyed learning 
how keystroke loggers work 
and how they can be layered in 
with other device drivers so 
that a malicious scripter can 
sneak them in. Despite the 
deep tech talk, this is a good 
reference tool. 

- Mathias Thurman 


Hack in the Box 
Has Prize Inside 
Taiwanese microprocessor 
vendor Via Technologies Inc. 
offered a $5,000 prize to the 
hacker who could break its 
StrongBox security applica- 
tion during a hacking contest 
at the Hack in the Box Security 
Conference, which took place 
last week in Kuala Lumpur, 
Malaysia. Announced last 
week, StrongBox uses a com- 
bination of hardware-based 
SHA-1 and 256-bit AES en- 
cryption to create a secure vir- 
tual drive on a computer of up 
te 40GB. The application is 
designed for computers based 
on Via’s C7 and C7-M proc- 
essors that have the com- 
pany’s PadLock Security En- 
gine. As of press time, no one 
had claimed the prize. 


Phone Security 
Spec in the Works 
Anew mobile security specifi- 
cation being developed by the 
Trusted Computing Group is 
expected to be released in the 
first half of 2006. 
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0Q0 Upgrades 
Handheld PC 


@ San Francisco-based handheld 
PC vendor 0Q0 has launched its 
newest device, Model 01+. It fea- 
tures upgraded memory, a larger 
hard drive, faster USB support 
and an improved universal power 
supply, according to 0Q0. Model 
01+ runs Microsoft Windows XP 
and has 512MB of RAM, a 30GB 
shock-mounted hard drive, USB2 
and a universal power cord that 
can be used on airplanes or in 
automobiles. It starts at $1,899. 


Nortel Updates 
Contact Center 


® Nortel Networks Corp. an- 
nounced Expert Anywhere Con- 
tact Solution, a feature of its new 
Contact Center 6.0 release that 
gives corporate users the ability 
to send a customer call to any ex- 
pert customer service agent, re- 
gardless of location. Expert Any- 
where is part of Nortel’s Applica- 
tion Center, which is based on the 
SIP standard. 


Symbol Launches 
Bar Code Scanner 


® Symbol Technologies Inc. in 
Holtsville, N.Y., announced the 
LS4208 laser bar code scanner 
for use in retail, health care and 
warehouse settings. The device 
uses a multiline scan pattern for 
scanning of one-dimensional bar 
codes. It offers a 19-inch scan- 
ning range and will tolerate more 
motion than existing models. It’s 
available now for $265. 


Sun Releases 
StarOffice 8 


@ Sun Microsystems Inc. has re- 
leased Version 8 of its StarOffice 
desktop productivity suite. The 
software now complies with the 
OASIS OpenDocument standard 
to improve its ability to share 
documents with competing soft- 
ware suites, including Microsoft 
Office. Pricing starts at $35 per 
user on a tiered basis. 
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Keep Humans in the 
Authentication Loop 


ROVING THE IDENTITY of a human com- 
puter user is so yesterday — all those what- 
you-have, what-you-know and what-you- 
are questions. Biology is so trivial compared 
with well-designed authenticating devices, 
though the missing human raises big philosophical 


questions. 

Device authentication is 
being refined now to codify 
how computer hardware and 
software will prove they are 
secure for future automated 
services. Without humans 
in the loop, computers will 
soon be interoperating and 
exchanging software updates 
on their own. 

The big debate is over au- 
thenticating devices unfet- 
tered by human control 
mechanisms. The argument 
is over which master your 
PC should serve, the local biology or 
some distant master with regulatory 
connections. 

Device authentication woven into the 
Internet can turn your computer into Big 
Brother, an enforcement tool for copy- 
right owners demanding annual sub- 
scriptions or one-time fees. It can stop 
you from playing that song or movie 
your friend shared with you. It can keep 
you from breaking the law, regardless of 
your wishes. 

Device authentication offers a lot of 
very useful technologies to secure the 
Internet, with memory curtaining, se- 
cure input and output, and sealed stor- 
age. Even in the technology community, 
where varying opinions abound on 
everything, a consensus has formed 
around the undeniable usefulness of 
these device authentication methods, 
which have roots in the Trusted Com- 
puting Group’s trusted computing secu- 
rity model. 

The TCG’s security model has tradi- 
tionally focused on software isolation, 
keeping programs from interfering with 





one another. It did not at- 
tempt to throttle insecure, 
harmful or undesirable soft- 
ware, reflecting the democ- 
ratic tradition of not making 
too many laws to protect 
people from themselves. 

But an evolving TCG de- 
vice authentication standard 
called remote attestation 
is taking the TCG into un- 
charted philosophical wa- 
ters. Remote attestation gen- 
erates a hash value for soft- 
ware modules authenticat- 

ing to services or other software, with no 
user involvement. If users attempt an 
end run by altering the hash value, they 
won't be recognized by the remote ser- 
vice or software. Your PC, in effect, has a 
governor on it telling you what you can 
and cannot run. 

The information libertarians at the 
Electronic Frontier Foundation are call- 
ing remote attestation a Trojan horse 
threat to the free marketplace of infor- 
mation. In the words of the EFF’s Seth 
Schoen, remote attestation “fails to dis- 
tinguish between applications that pro- 
tect computer owners against attack and 
applications that protect a computer 
against its owner [who] is sometimes 
treated as just another attacker or ad- 
versary who must be prevented from 
breaking in and altering the computer’s 
software.” 

The cybervigilantes at the EFF take 
issue with the potential anticompetitive 
and anticonsumer direction of remote 
attestation. The EFF sees removing biol- 
ogy from the authentication process as a 
threat because the owners of the ser- 





vices or software will be able to enforce 
actions onto users. 

According to the EFF, remote attesta- 
tion is not “part of the rationales for 
trusted computing publicly offered by its 
proponents.” For a hidden agenda, they 


look no further than the Digital Millen- 


nium Copyright Act (DMCA). The EFF 
also points to another evolving standard, 
the Copy Generation Management Sys- 
tem for Analog (CGMS-A), as the Big 
Brother that will protect all copyrighted 
content on the Internet. CGMS-A, in tan- 
dem with remote attestation, will en- 
force preferences for recording or play- 
ing a protected work. 

The EFF sees a huge new market being 
created by large corporate content own- 
ers and technology companies that will 
charge you for every song played on your 
iPod. A software behemoth in Redmond, 
Wash., is in discussions with entertain- 
ment companies regarding the Microsoft 
Protected Media Path project. PMP pre- 
vents peripherals, like DVD drives, from 
playing unauthenticated software. Who 
wants to be locked out of the Windows 
home entertainment marketplace? 

When you're finished contributing to 
Hurricane Katrina relief, sign on to sup- 
port the EFF’s Owner Override proposal. 
Owner Override puts humans back into 
the device authentication loop. Users 
can opt to break the copyright law. 
Humans, as they did before the DMCA, 
can misrepresent their computers and 
give the desired remote attestation hash 
value, even if it doesn’t reflect the actual 
state of their machines. 

Owner Override takes away the PC’s 
ability to spite its owner. It removes the 
potential for remote attestation to push 
the TCG into anti-interoperability and 
anticompetitive policies. In a democracy, 
citizens should be able to choose if, and 
how, they want to obey the law — as 
well as suffer the consequences of their 
actions, ergo speeding tickets. @ 56887 


WANT OUR OPINION? 


For more columns and links to our archives, go to 
www.computerworld.com/opinions 








Simplify your |.T. and your business. IBM servers and storage are designed to 
help you do just that. Take the IBM TotalStorage” DS4100 Express with DACstore. 
It can help you reconfigure or add capacity while staying up and running. 
No need to stop to reset drives. 


Because with IBM Express, innovation comes standard. That's true for servers, 
storage and printers. What's more, you can keep your technologies current 
while helping to reduce costs — through IBM Global Financing. 


All things considered, an |.T. hero deserves nothing less. 
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Brilliant color, 


most cost-effective, 


and very well connected. 


Now there’s a color printer you'll want on your team for the long run. 


For vivid color and outstanding value there’s nothing like the 
new Kyocera FS-C5030N, 600 dpi color printer. It boasts 
26 dazzling prints per minute and the Lowest Total Cost 
of Ownership in its class* It saves you money over time, so 
now, you can afford to add color to any text document, or 


presentations with charts and images. What's more, IT people 
love this printer because of its advanced print driver technology 
— one driver, one install. No wonder Kyocera printers have won 
numerous industry awards for technology and overall reliability. 
So get connected today and start saving. 


Visit our web site today: www.kyoceramita.com/newproducts 
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eople rriendly. whole new reason to smile <x KYOCERA 


©2005 Kyocera Mita Corporation and 
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Interns 201 

Now that fall is here and your 
summer interns have gone back 

to school, it’s time to upgrade your 
internship program so that it deliv- 
ers more value for you and them 
the next time around. Page 44 
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‘What We Have HerelsanITProblem...’ | opinion 
Is there any way to end the finger-pointing 

between IT and business? IT professionals 
Jennifer Pfaff and Doug Pfaff share their 
(sometimes differing) viewpoints about 
why it’s often so hard for the two sides 

to get along. Page 42 


DAVID HOLLENBAC 


Connected or Addicted? 
Keeping in touch is great, says 
Paul Glen, but when managers 
go overboard, they can harm 
their staffs, their companies and 
themselves. Page 46 


Do you know how to respond to 
the inevitable security breach’? 
You'd better. By Mary Brandel 


DATA SCANDAL roll 

call would include big 

names in nearly every 

industry. Bank of Amer- | 

ica, LexisNexis, Time | 
Warner, DSW Shoe Warehouse, 
T-Mobile and the University of Cali- 
fornia, Berkeley, to name a few, have 
recently experienced data security 
breaches. And some experts say that 
there are hundreds if not thousands 
of other, less-publicized cases in 
which sensitive personal data has 
been compromised. 

“There’s the hospital that unwit- 
tingly exposes a couple of AIDS pa- 
tients, or the bank that inadvertently 
discloses to a creditor someone's 
complete financial background,” says 
Diana McKenzie, who chairs the IT 
group at Neal, Gerber & Eisenberg 
LLP, a Chicago law firm. “There are 
tons and tons of examples like that.” 

For ClOs, this trend means two 
things: It may not be a case of 
whether your company will experi- 
ence a data security breach but when 
it will experience such a breach. 
And, particularly if you’re one of 
the unlucky 10% or less who find 
their stories blasted throughout the 





national news media, you'd better 
know beforehand how you're going 
to respond when a breach occurs 


A New Reality 


“In days gone by, you could have 
thrown up your hands and said, 
‘Geez, this was an accident,’ ” says 
Scott Sobel, vice president at Levick 
Strategic Communications in Wash- 
ington. “But now people are more fa- 
miliar with IT processes, and they 
may believe that if controls weren't 
in place, someone was negligent or 
malicious.” 

That’s why your immediate re- 


| sponse to a security breach is all- 


important. And it’s not enough to 
lean on processes you've put in 

place to respond to more traditional 
threats such as viruses and hacker in- 
filtration. Today, threats can emanate 
from sources as varied as fraudulent 
businesses or tape thieves. 

“The failures in the business 
processes that have occurred this 
year are causing organizations to 
redesign the way they respond to 
future incidents or anomalies,” says 
Rich Baich, managing director at 
PricewaterhouseCoopers and former 
chief information security officer at 
ChoicePoint Inc. in Alpharetta, Ga. 
Earlier this year, it was revealed that 
ChoicePoint had released con- 
sumers’ personal financial informa- 
tion to data thieves posing as legiti- 
mate businesses. 

One important change worth con- 
sidering, Baich says, is to create and 
publicize a central mechanism for 
employees or the general public to 
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report possible breaches, including 
incidents involving low-tech actions 
such as fraud or tape theft. There 
should be a response team that follows 
an established set of protocols, not 
unlike those of customer service hot 
lines, where a trained group follows 

a decision tree and escalates its re- 
sponse depending on the nature of the 
problem. 

The exact response protocol will 
be unique to each organization. Some 
may want to report directly to the gen- 
eral counsel, others to the CISO, and 
others to the president of the company. 
However you choose to do it, the esca- 
lation procedure should be defined 
and agreed upon in advance. 

“It needs to be something that says, 
‘During Christmas time, from this hour 
to this day, John Brown is head of the 
team, and he’ll have access to this at- 
torney and this PR person and this 
decision-maker and this representative 
of the union, instantly,” Sobel says. 

Having a central point of contact 
would also help avoid the common 
problem of not taking incident reports 
seriously, McKenzie says. “If a busy ex- 
ecutive gets a call from a person outside 
the company who doesn’t sound so- 


Here are four steps that Forrester 
Liver Term OMe OTL) Set 0 ME oe 
advises CIOs to take to prepare for a 
memes: eB 
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Review your privacy policy. 
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Classify personal information. 
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phisticated, or from someone lower in 
the organization who thinks something 
odd is happening, there’s a tendency to 
dismiss it,” she says. “I can’t tell you 
the number of times I’ve had a person 
forget to get the phone number or even 
the name of the person who called.” 


Teamwork 

The word team can’t be overempha- 
sized, McKenzie says. The days are gone 
when IT worked in isolation on securi- 
ty incidents. The public relations and 
legal departments need to be involved 
as soon as possible, even as you're still 
figuring out the depth and breadth of 


| the problem. “While you're starting to 


fix, document and understand the 
problem, you want to start the lawyers 
mitigating risk and the PR folks prepar- 
ing communications,” McKenzie says. 

“The IT guy keeping it to himself is 
a really bad idea,” she adds. Not only 
are there disclosure requirements, 
but your public relations people will 
also need some lead time to fully un- 
derstand the problem and prepare a 
response. 

At Vanguard Managed Solutions 
LLC, IT works hand in hand with the 
legal and marketing departments dur- 
ing times of crisis. In the 300-employ- 
ee managed services provider in Mans- 
field, Mass., security incidents are es- 
calated to management-level employ- 
ees in the network operations center, 
says Eric Welz, senior solutions archi- 
tect. If the incident is determined to be 


| severe enough, marketing, legal and IT 


work together to determine how it 
should be communicated to clients. 

Now more than ever, lawyers are 
crucial for correctly interpreting and 
responding to federal and state privacy 
laws. For example, California’s Senate 
Bill 1386 requires organizations to dis- 
close security breaches that involve 
private information about California 
residents. California Assembly Bill 
1950 requires “reasonable security” 
controls for California residents’ data. 
The Washington state government also 
recently enacted several bills address- 
ing security breaches, and other states 
may soon follow. 

Your legal department might decide 
to involve local law enforcement, 
which could affect whether your com- 
pany is allowed to disclose any infor- 
mation about the breach. If the police 
ask you to keep mum because they’ve 
determined that public disclosure 
would inhibit the investigation, be sure 
to get a letter documenting that request 
to avoid conflicts later, Baich says. 

Some experts suggest that compa- 
nies develop boilerplate language to 





IT’S CLEAR THAT an effective response 
to a data breach requires that IT have close 
relationships with the legal and public rela- 

tions departments - relationships that sim- 

ply don’t exist in many large companies. 

But at the very least, IT needs to know 
whom to call and how to reach them. With- 
out that, “it can really degrade into a Chi- 
nese fire drill, where everyone is running 
around trying to call other people,” says Pe- 
ter Gregory, chief security strategist at Van- 
tagePoint Security. The information that IT 
needs to share includes the nature of the 
event, what kind of data might have been 
affected and how it was affected, says Eric 
Welz, senior solutions architect at Vanguard 
Managed Solutions. For instance, was data 
altered or deleted, or was the application 
unavailable for some period of time? 

When discussing a possible security 
lapse with business people, avoid jargon. 
“You can say there was an overflow in the 
database logs, and they'll say, ‘Tell me 
something | can use,’ ” Gregory says. “It 
usually takes someone who can talk on 
both sides of the fence to properly describe 


enable a faster response. “Disclosures 
are sometimes required to happen 
quickly, and that’s not the time to start 
with a blank piece of paper,” says Peter 
Gregory, chief security strategist at 
VantagePoint Security LLC in Belle- 
vue, Wash. 


Deliberate Speed 


But don’t rush. “You don’t want to wait 
two days, but you can wait 20 min- 
utes,” says Gregory. “You need to fol- 
low the emergency procedures so that 
when the PR person is in front of the 
microphone, the information has 
flowed properly from the point of dis- 
covery, through IT management and 
sideways to PR and legal.” 

Or, as McKenzie puts it, “respond 
with cautious speed. On the one hand, 
a delay in responding can be fatal, but 
on the other, you need to have a rea- 
soned response, because this could be 
broadcast all over the country.” 

To avoid accusations that you didn’t 
work quickly enough to solve a prob- 
lem, McKenzie suggests calling in an 
IT forensics consultant — even if you 
think your IT staff is talented enough 
to analyze Web logs and other records 
effectively. “It shows you're taking it 
seriously: ‘We hired this gunslinger to 
help solve the problem expeditiously, ” 
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Legal Niceties 


the situation in business terms.” 

Many experts say the sooner you involve 
attorneys, the better. Scott Sobel, vice 
president at Levick Strategic Communica- 
tions, compares the situation to that of a 
city that assigns a district attorney as soon 
as a crime occurs. “They advise the cops 
from the very beginning on how to inter- 
view people and how to protect evidence,” 
he says. Similarly, he says, “there should be 
thought put into a legal model for ClOs and 
other C-suite executives.” 

For instance, managers may be tempted 
to launch their own investigations, asking 
supervisors to interview IT staffers about 
what happened. But the information uncov- 
ered in those interviews could be consid- 
ered discoverable evidence - meaning it 
would have to be disclosed upon request in 
court, says Sobel. If an attorney does the 
interviewing, the information could be pro- 
tected under the attorney-client privilege. 

“You have to resist the urge to fix things 
immediately,” he says. “The sooner attor- 
neys get involved, the better off you are.” 

-Mary Brandel 


she says. “If someone sues you for 
damages, it looks good from a PR 
standpoint that you hired someone 
immediately.” 

You should keep a fact-finding log to 
record any actions that the security 
team takes and any people it contacts, 
and that log should include the precise 
timing of every action. “When that’s all 
logged, it’s easier when someone asks 
what happened,” Baich says. 

Finally, when it comes time to com- 
municate with customers or the gener- 
al public, “be understanding and reas- 
suring,” says McKenzie. “There’s a ten- 
dency for people harmed by these inci- 
dents to sense a lack of empathy for 
their situation.” A kind and caring atti- 
tude on your part may lessen the 
chance of lawsuits and other litigious 
behavior, she says. 

“A security disaster will cause many 
to doubt the company’s ability to con- 
tinue operating,” Gregory says, “so you 
need to respond with well-thought-out 
statements that give the media and 
customers confidence that you're in 
control and are dealing with it.” 

@ 56888 





Brandel is a Computerworld contribut- 
ing writer in Newton, Mass. Contact her 
at marybrandel@verizon.net. 





YOUR JOB IS TO KEEP SYSTEMS AND APPLICATIONS RUNNING. 
OUR MISSION IS TG KEEP PEOPLE AND INFORMATION CONNECTED. 
LET’S WORK TOGETHER. 


Continuous access to information no matter what. That’s 
Information Availability. It's what your employees, suppliers and 
customers demand every minute of every day. But to deliver it 
flawlessly, you need a massive global infrastructure, redundant 
systems and diverse networks being monitored and supported 
by skilled technical experts at secure facilities. That’s exactly 
what SunGard provides. 


As a result, we can offer you a higher level of availability and 
save your company, on average, 25% versus building the 
infrastructure yourself. Plus, it’s a vendor neutral solution that 
lets you contro! your data,applications and network while giving 
you the flexibility to adjust to the changing needs of your 
business, But best of all, it lets you spend more time solving 
business problems and less time soiving technical problems. 


For years, companies around the world have turned to 
SunGard to restore their systems when something went 
wrong. So, it’s not surprising that they're now turning to us 
to mitigate risk and make sure they never go down in the 
first place. 


You want your network and systems to always be up and 
running. We want the same thing. Let's get together. To 
learn more, visit www,availability.sungard.com or call 
1-800-468-7483. 


SUNGARD 155"-2:. 


*Potentiat savings based on IDC White Paper, Ensuring !nformation Availability: 
Atigning Customer Needs with an Optima! investment Strategy. 
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What we have here is an IT problem... 


It seems that IT is the latest in a long line of business scapegoats. Finance, 
human resources, production and quality assurance have all had turns on the 
whipping post. Now it’s IT’s turn to take a few lashes. Or is it? Business has a 
way of assigning blame when it can’t react to customer needs as quickly as ex- 
ecutives would like. Here are some thoughts on how to get out of the hot seat. 


BY JENNIFER PFAFF 

AND DOUG PFAFF 

JENNIFER: “What we have here 

is an IT problem.” Our business 

team actually said this as we « +e 

started a meeting last week. That — a 

was their formal definition of 9 

the problem, as though they’d es a 
Aran sh Mt UL 


put it through some scientific 
analysis and that was the result. 
Come on! I was sitting in the 
same room with these people when they signed off 
on the project months ago. Did anyone really think I 
was going to buy into this? Things didn’t get any bet- 
ter when I mentioned that the application actually 
was operating within the service-level agreement. 


(Will I ever learn?) Because even though they signed 
off on both the application specifications and the 
SLA, I knew what was causing them to feel this way: 
As far as they are concerned, IT has a history of not 
delivering, and this was just another example of poor 
service. 


DOUG: When a teenager rubs his parent’s nose ina 
punishment he received — “Since you took my car 
away, you're going to have to drive me to work after 
school” — how often does the parent say, “Hmm, I 
guess I can’t ground you after all.” Unfortunately, IT 
is still viewed as a service unit in most companies 
(i.e., a child who must be tolerated). When you 
whipped out the SLA, they heard you say, “Hey, you 
made your own bed, now you've got to sleep in it.” 


JENNIFER: I get your point, but when does IT get to 
say, “If you don’t plan your project and you won't let 
us help you plan it, then you can’t yell at IT when it 
doesn’t go well”? I’m tired of business units being 
hypocritical about “process.” They want consistent 
and measurable output from IT systems, but when 
we try to use repeatable processes, all we hear about 
is how long it takes to get anything done. 


DOUG: Since IT rarely drives the revenue of the busi- 
ness, its policies are little more than lines in the sand 
at low tide. You can use your project-planning proc- 
esses all you want, but if you allow them to give you 
garbage at the beginning of the process, when the 
sledding gets rough, your process will be blamed as a 
hindrance to business. While your process may help 
you defend your position, it’ll be a Pyrrhic victory. 


JENNIFER: I don’t think you understand what I’m say- 
ing. If the business doesn’t ask us to measure load 
time, for example, how can it be IT’s fault when load- 
time metrics aren’t produced at the end of the proj- 
ect? Funny, but this doesn’t sound like an IT problem. 





eae ae Be 


_ aria 


www.computerworld.com 


In fact, it sounds a lot like a business problem. 
What’s Pyrrhic about that? 


DOUG: You're still not getting it. It’s an ownership 
problem. People in business units think that if a com- 
puter is needed during the work 
process, the solution depends 
entirely on IT. They absolve 
themselves of as much responsi- 
bility as possible. To follow your 
load-time example, their argu- 
ment would probably be, “Hey, 
you're the experts. You should 
have known that we’d need 
load-time reports.” 

One of the great problems 
facing IT leadership right now isn’t technological 
convergence or service-oriented architectures or any 
of the other highfalutin topics being thrown around; 
it’s ownership. Problems and their solutions need to 
be entirely held by the business units. IT can help 
them get to a solution faster by providing a frame- 
work, intelligent consulting and the technical skills 
to implement it, but it can’t own the solution. In oth- 
er words, in businesses where IT doesn’t generate 
revenue, IT should be the “how,” not the “what.” 


MANAGEMENT 


JENNIFER: I think IT professionals are some of the 
few people qualified and visionary enough to devel- 
op new solutions to old problems. If business really 
is washing its hands of responsibility, then I think 
that makes the case for following a repeatable proj- 
ect process to make sure we give them what they 
want. In my Utopia, we all follow a repeatable IT 
methodology, and the business tells us what work 
processes are actually occurring and diagrams them 
accurately. Then, the business people write out what 
they want to happen in their new application and ask 
the IT team for a technical recommendation on how 
to make it a reality. The business also provides rea- 
sonable budget numbers, realistic timelines and co- 
operative business resources. Is that asking too much? 


DOUG: Wow, that’s quite a little fantasyland you’ve 
created for yourself. Actually, I agree with you on 
this one; what you just described is the business 

defining the “what” and IT controlling the “how.” 


JENNIFER: I love it when you patronize me. I just read 
that in cases where a repeatable process is followed, 
the success rate of IT projects skyrockets to 91% 
from something like 38%. If and when that starts to 
happen, budgets and timelines will increase. 
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DOUG: You're right; the success rates jump. But I bet 
if you examined the entire process, you'd find that 
before the IT project even got started, there were 
systemic changes throughout the business that made 
those repeatable IT proc 
can’t exist independently of their inputs and outputs. 
No one knows this better than IT professionals. IT 

ethodologies almost always depend on non-IT 
data. If the corporate culture allows that data to be 
nonrepeatable, unreliable and unquantifiable, the 
battle to systematize their processes will be all 
uphill. 

Again, it’s ownership. If the business owns the 
issue, they'll clean up their own house — and that 
includes their business processes. 


ses possible. Processes 


JENNIFER: Oh, it would be so nice. We would have so 
many projects coming into IT, we would have to cre- 
ate a project management office to handle the influx. 
That would be a great IT problem to have, wouldn’t 
it? @ 56830 
Jennifer Pfaff is a PMP certified project manager, and 
Doug Pfaff has led IT organizations of all sizes. They 
live, work and bicker in the Detroit area. Contact them 
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Interns 


Tweaking your student intern 
program now will help you 
deliver more value next 
summer. BY JUDY ARTUNIAN 


HE IT DEPARTMENT at National Instru- 
ments Corp. learned the hard way about 
the ins and outs of developing projects for 
summer interns. “We struggled with mak- 
ing sure the interns were getting a good 
project,” recalls Carol Watkins, director 
of the Austin-based company’s internal 
IT operations. 

That struggle included delaying or scaling back 
projects that were too extensive to be completed 
during a summer internship and dealing with push- 
back from interns when assignments such as writing 
reports didn’t give them the hands-on experience 
they wanted. 

Sound familiar? Now that your summer interns are 
back in their classrooms, it’s a good time to consider 
how your internship program might be tweaked to 
create an even better experience for all concerned 
next time. 

Student interns can be a godsend when they help 
you make quick work of a project that has been lan- 
guishing for some time. But to get the most from 
your interns, you need to make the experience re- 
warding for them as well. 

National Instruments’ IT department kept that in 
mind when it revamped its system for assigning proj- 
ects to interns. Cross-functional teams consisting 
of IT and business managers now help determine 
which projects are appropriate for interns and match 
them with projects. “Now we make sure the project 
can be handled in an appropriate time frame, that it 
has a tangible deliverable and that the student knows 
he is adding value to our organization,” says Watkins. 

At Cordis Corp., a Johnson & Johnson company in 
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Miami Lakes, Fla., managers and senior directors be- | environment,” says QVC’s Cochran. “It’s one thing to 


gin reviewing interns’ résumés two months before 
they arrive. They look for technical know-how, but 
that’s not all, says information management manager 
Jim Mulligan. For example, one intern who happened 
to be an excellent writer was assigned to help pre- 
pare documentation and training manuals. 

As the IT team at National Instruments learned, 
interns sometimes bristle at being confined to rou- 
tine tasks like writing reports or installing software. 

“Don’t automatically assume what the 
intern’s interest and skill levels are. See 
what they’re capable of,” says Nicholas 
Stanko, a Pennsylvania State University 
junior who recently completed a sum- 
mer internship at QVC Inc., a West 
Chester, Pa.-based electronics retailer. 
“I was given as much leeway as I wanted 
in terms of trying different projects.” 

Rob Cochran, QVC’s CIO, agrees. “Let them ex- 
plore opportunities,” he says. And remember that the 
interns may be evaluating you. “They are kind of in- 
terviewing us as a possible place to work,” he says. 


Making Connections 


If the primary goal of your internship program is to 
recruit full-time employees, help interns form rela- 
tionships not just within IT, but throughout the com- 
pany. “These may be the people they work with in 
the future,” says Grace Rice, program manager for 
the Technology Associate program at KeyBank in 


| Cleveland. “Model your program so that it fully inte- 


grates the intern into the business.” 

There are many ways to introduce interns to other 
managers. KeyBank invites them to join the compa- 
ny’s new IT hires at orientation sessions, including 
attending talks given by executives from the bank’s 
lines of business. Interns at National Instruments 
give presentations to all the company’s IT managers 
at the beginning and the end of their internships. 

Interns who don’t see the purpose of some of these 
activities may feel they’re a waste of time, so make 
sure they understand the benefits of rubbing elbows 
with senior management. 

Terry Pietrondi interned at KeyBank during the 
summer of 2004 while he was a computer science 
student at Kent State University. He was curious 
about the IT side of bank operations. 

“J thought it would be cool to work in a not-so- 
obvious environment,” Pietrondi says. “I was sur- 
prised by how technical a bank can be.” 

But not all the activities made sense to him initial- 
ly. “I got involved in meetings where I felt out of 
place for a while,” says Pietrondi, who has since 
graduated from Kent State and is now a trainee in 
KeyBank’s Technology Associate program. 

Besides feeling too green to participate in the dis- 
cussions, Pietrondi says he wondered why he was 
there, since he didn’t have decision-making privi- 
leges. But after a few meetings, his discomfort faded. 

“Tt was a matter of getting used to the idea that I 
was there for the learning experience,” Pietrondi re- 
calls. Moreover, he adds, “people saw my face and 
knew my name. Opportunities came my way from it.” 

It’s not just meetings that can trip up a student in- 
tern; some need help acclimating to a corporate cul- 
ture. “They aren’t used to working in a full-time job 
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OFFSHORE INTERN 


A grad student back from a 
summer internship in India says 
the U.S. just doesn’t get it: 
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write a program and another thing to do it eight 
hours a day.” 


Learning the Ropes 

To help them feel at home, Cordis offers a one-day 
class called Backpack to Briefcase, in which the in- 
terns learn the basics of business etiquette, how to 
dress and other facts of corporate life. 

IT managers who are new to supervising interns 
may be surprised to find their manage- 
ment skills challenged by the interns’ 
need for guidance with the mundane 
routines of the workaday world. 

Wayne Belvin, an IT project manager 
at energy giant Dominion Resources Inc. 
in Richmond, Va., meets weekly with his 
interns to discuss their assignments, as- 
pirations and any difficulties they may be having. 

“A lot of interns have technical skills that can be 
applied pretty readily,” Belvin says. “But you have to 
help them with skills like organization, team-build- 
ing and relating to other folks in a corporate environ- 
ment.” 

He helps interns settle in by teaching them how 
to do seemingly simple tasks such as creating to-do © 
lists and planning their work on a calendar based 
on due dates and project priorities. 

But often the greatest impact comes from the 
unplanned lessons learned in the IT trenches, and 
that’s really what an internship is all about. 

Pietrondi recalls that when the identity manage- 
ment project he was working on stalled, he suspect- 
ed that the culprit was poor communication among 
the project teams. 

“My biggest learning experience was listening to 
how people communicate,” Pietrondi says. “I learned 
that it’s not the technology that makes or breaks the 
project most of the time. It comes down to people.” 


@ 56837 





Artunian is a freelance writer in Newport Beach, Calif. 
Contact her at jartunian@sbcglobal.net. 
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EVENTS 


Network 
Systems Design 


® Oct. 18-20, San Jose 
Sponsor: The Linley Group Inc. 
Topics at the Network Systems Design 
Conference include an overview of net- 
working systems technologies, choos- 
ing a network processor, advanced 
switching, next-generation broadband 
technologies, processors for data cen- 
ter applications, packet processing in 
access infrastructure, multiprotocol 
design and high-performance CPUs. 
www.networksystemsdesign.com 


Wireless and Mobile 


= Oct. 26-28, Boston 
Sponsor: Trendsmedia Inc. 

The WiMax World Conference in- 
cludes tracks on business, technology, 
municipalities and voice over IP. Topics 
include the state of the industry, the 
dynamics of successful deployment, 
service provider perspectives, deliver- 
ing personal mobile broadband, mu- 
nicipal broadband infrastructure, VolP 
costs and business models, market 
analysis and the mobile enterprise 


Leadership 


® Nov. 6-8, Boston 

Sponsor: AMR Research Inc. 
The 2005 Executive Leadership Con- 
ference includes sessions on linking IT 
to productivity improvement, the inter- 
section of IT and business process, 
the 25 companies with the best supply 
chains, performance management and 
performance improvement, demand- 
driven supply networks and service- 
oriented architectures. 
Www.amrresearch.com 


Security 

® Nov. 14-16, Washington 
Sponsor: Computer Security 
Institute 

The CSI's 32nd annual Computer Se- 
curity Conference tracks include an 
introduction to computer security, 
training and education, management, 
government, risk and audit, compli- 
ance and governance, critical issues, 
attacks and countermeasures, foren- 
sics, identity and access management, 
working with developers, Web ser- 
vices and hands-on technology. 
www.gocsi.com 
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Connected or 
Addicted? 


IOs FREQUENTLY invite me to give pre- 
sentations to their management teams or 
to facilitate retreats. I’m always amazed 
by how many of the managers in those 
sessions feel compelled to answer their 
cell phones or monitor their “crack-berries” during 


those few short hours. 


I could tell you that this 
is the cost of competing in 
the blistering marketplace 
of the 24/7 economy, that 
it’s the inevitable result of 
globalization or that the 
participants in those meet- 
ings are just important 
people. But I don’t believe 
that pathological connect- 
edness is caused by any of 
these things. 

I suspect that managers’ 
rationalization for this sort 
of behavior falls into four 
categories: 

Neediness. The staff needs 
constant access to the boss in order to 
remain at peak productivity. They 
need immediate decisions. The boss 
needs a constant flow of status infor- 
mation. Without access, work stops. 

Responsiveness. If the boss doesn’t re- 
spond to the staff quickly enough, he 
will be viewed as aloof, uncaring or 
disengaged. Remaining in constant 
touch symbolizes the value that the 
boss places on the staff. 

Connectedness. Supervisor and staff 
form an intimate community. If the 
boss disconnects from the collective, 
he will be lost. 

Relationships. The boss is at the center 
of a network of relationships and must 
constantly monitor and manage the 
expectations of all the stakeholders. 
New technology has raised the expec- 
tations of the speed of communica- 





tion, so he must respond to 
everyone immediately in 
order to maintain produc- 
tive relationships. 

While each of these has 
some validity, I suspect 
that they are more excuses 
than explanations. This 
sort of behavior is really a 
symptom of a deeper prob- 
lem: connection addiction. 

Dictionary.com offers 
one definition of addiction 
as “the condition of being 
habitually or compulsively 
occupied with or involved 
in something.” Here, con- 


nectivity is the pathological something. | 


This connection fixation can arise 
for a number of reasons: 

Ego. What could be a better ego 
stroke than having a constant line of 
people waiting outside your electronic 
door? It’s very satisfying to be needed. 

Mistrust of staff. Many managers fear 
that if they are out of touch, their staff 
will be either unable or unwilling to 
continue working. On one hand, they 
may assume that their people are inca- 
pable of working without constant su- 
pervision. On the other, they may as- 
sume that their people are inherently 
devious. Some may even believe both. 

Sense of importance. That feeling of be- 
ing the indispensable man is a great 
high. It’s great to be “in the loop,” con- 
stantly “in the know.” 

Confusion about the real role of a manager. 





Too many managers have adopted the 
mentality of the preindustrial foreman. 
They think that the role of the manag- 
er in the age of knowledge work is the 
same as that of the overseer on the 
plantation: to stand watch over the 
workers and make sure that they’re 
productive. 

OK, you might say, hyperconnected- 
ness isn’t particularly useful, but 
where’s the harm? 

This addiction has costs for every- 
one involved — manager, staff and 
organization. 

For the manager, it leads to an un- 
balanced life. Everything takes on an 
unnatural sense of urgency, and relax- 
ing can be difficult. The manager can 
also wind up constructing a personal 
identity that’s too tied up in a particu- 
lar job. While business is important 
and fun, it’s too easy to lose a job and 
be left without a core sense of self. 

For the staff, it creates a constant 
dependence on the presence of the 
manager. This kills their desire to take 
initiative. They become much more 
concerned with carrying out the boss’s 
orders than with meeting the goals of 
the organization. 

Finally, the organization becomes 
fragile. If key players go missing, the 
productivity of dozens of people may 
suffer. 

If you can’t disconnect the electron- 
ic bands of connectivity for a couple 
of weeks or even for a few hours, you 
need to rethink your management ap- 
proach. Hyperconnectivity could be 
a symptom of an important problem. 
Great managers create organizations 
that are resilient enough to keep mov- 
ing ahead, no matter who is out of 
touch. @ 56878 


WANT OUR OPINION? 


For more columns and links to our archives, go to 
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Lanco Global seeks computer 
professionals with 2 years of 
exp. in the following skills: 
PROJECT MANAGER: Resp. 
for managing multipie projects. 
Managing, executing, designing, 
architecting, delivering projects. 
including analysis of user re- 
quirements, design, develop- 
ment and testing using Informat- 
ica, Erwin, Data Modeling, 
J2EE, Oracle, DB2, IDMS, Nete- 
grity SiteMinder, Web Sphere, 
Weblogic, Unix and Windows 
NT/2000. Applicants must have 
Masters or Equivalent in CS, 
MIS, CIS, Eng. (any field), Bus. 
Tech, Math or related 
SYSTEMS ANALYST: Resp. 
incl. providing complete solu- 
tions involving design, analysis, 
development, implementation, 
customization & integration of 
various legacy, client-server and 
web applications using Weblog- 
ic, Web Sphere, WSAD, JBoss. 
Tomcat, liS, Oracle, DB2, Sy- 
base, CLARIFY, J2EE, VC++ 
VB, VSS, Soap, Unix, and Win- 
dows NT/2000. Applicants must 
have Bachelors or Equivalent in 
CS, MIS, CIS, Eng. (any field), 
Bus., Tech, Math or related 

Will provide competitive salary 
and benefits. Email resume to: 
careersus@lancoglobal.com or 
mail to Lanco Global Systems, 
1725 Windward Concourse. 
Suite 150, Alpharetta, GA 
30005. 


Computer Systems Analyst 


Analyze business data process- 
ing problems for application to 
electronic data processing sys- 
tems. Analyze user require- 
ments, procedures, and prob- 
lems to improve existing sys- 
tems and review computer sys- 
tem capabilities, workflow, and 
limitations. Design/develop com- 
plicated financial data process- 
ing software. Conduct systems 
analysis and product develop- 
ment throughout the full devel- 
opment life cycle. M.S. in Com- 
puter and Information Sciences, 
or Electrical Engineering. Must 
have ability to use J2EE, XML 
and design patterns. 40 hrs/ 
week, 9am-5pm. Positions avail- 
able: multiple. Resume to: Mr. 
Vichael Fleming, VP of Engin- 
eering, EPL inc., 22 Inverness 
Parkway, Suite 400 
Birmingham, AL 35242 


SAP consultants for Pittsburgh, 
PA. Design & Implement soft- 
ware apps to support MM/FICO/| 
HR/QM/PP/SEM/SD modules in 
SAP R/3 environment. Should 
have worked on ABAP with BW/ 
WORKFLOW/CRM/X! NetWea- 
ver Components, Oracle, Data 
Interfaces with MainFrame sys- 
tem, C++, BSP, Peri& Shell 
scripting. Bachelors or Eqv. 
req'd in Computers, Eng.or relat- 
ed field of study + 2 yrs of relat- 
ed exp. May be relocated to var- 
ious unanticipated locations 
throughout the US. 40 hrs/Wk 
Must have legal authority to 
work permanently in the U.S. 
Send resumes to HR, Technoio- 
gy People, Inc., 7 Parkway 
Center, Ste 679, Pittsburgh ,PA 
15220 


APPLICATION DEVELOPER 
Application developer lead for 
Kerzner International Resorts, 
Inc. in Plantation, FL to manage, 
direct and oversee Information 
Technology (IT), programming 
and web-based program opera- 
tions to provide the technical 
architecture of websites for com- 
pany to ensure accessibility, 
usability and reliability. Qualified 
applicants will possess a Bach- 
elor's degree in Computer Sci- 
ence or equivalent. Forward 
resume to: Recruiting Depart- 
ment APTDEV1220, Kerzner 
International Resorts, Inc., 1000 
South Pine Island Road, 
Plantation, FL 33324. No phone 
calls please. EOE 


Senior Bioinformatics Analyst 
Assist in the planning, design, 
implementation and evaluation 
of web based applications to 
support the integration, consoli- 
dation and interpretation of ze- 
brafish gene structures, expres- 
sion patterns and mutant pheno- 
types. This position is with ZF- 
IN, the zebrafish model organ- 
ism database, (http://zfin.org ) at 
the University of Oregon. The 
qualified applicant will hold a 
Master's degree in related field 
with at least 2 years experience 
in bioinformatics, and possess 
an understanding of bioinformat- 
ics relational database systems, 
demonstrated proficiency with 
SQL, Peri, Unix and web appli- 
cation development in PHP or 
Java as well as experience es- 
tablishing large scale data an- 
alysis techniques and visualiza- 
tion tools using BLAST. Send 
resume with names and phone 
numbers of 3 references to E 
McCumsey, Institute of Neuro- 
science, 1254 University of Ore- 
gon, Eugene, OR 97403-1254; 
fax 541-346-4548. The UO is 
an AA/EO/ADA institution com- 
mitted to cultural diversity. We’ 
invite applications from candi- 
dates who share our commit- 
ment to diversity. Applications 
received by October 19th, 2005 
will receive first consideration 


Computer & Info Consulting Mgr 
- Delivery & Integration to plan, 
coord, & manage s/w systems 
integration & implementation 
projects on client site using com- 
pany's rules engine s/w products 
& systems. Extensive travel to 
client sites in U.S. Midwest & 
East coast regions. BS in CS or 
Comp Eng & 4 yrs exp. Exp. in 
developing rules-based compo- 
nents of applics; object-oriented 
programming; JAVA program- 
ming language & J2EE con- 
cepts; HTML, XML, JSP, Serv- 
lets & applic severs such as 
Weblogic & Websphere; integra- 
tion of large DBs & transactional 
systems. Job site Minneapolis or 
home office in client service 
area Apply on-line at 
www.fairisaac.com or mail to 
HR, Fair Isaac Corp. 901 
Marquette Avenue, #3200, 
Minneapolis, MN 55402. Must 
ref Job 711 for consideration 
Unrestricted right to work in U.S. 
required 


Software Engineer - Architect: 
Design secure, cost effective 
solutions using open source 
products, support multi-tier 
enterprise component archi- 
tectures. Responsibilities in- 
clude solution delivery. Utilize 
J2EE, Design Patterns,RUP, 
Spring, EJB, J2EE App Ser- 
vers, RDBMS. Reg. M.S. in 
Comp. Sci. or Engg. & 1 yr of 
exp. or B.S. in Comp. Sci. or 
Engg. & 5 yrs of exp. Send 
Resume to H.R. Talent IT 
Services, 776 N. Main St., 
2nd Floor, Manchester, CT 
06040. 


Imaging Systems Architect 
for SOURCECORP Inc., 
Job Location: Dallas, Tx 


Requires a Bachelor's degree in 
Computer Science, Mechanical 
or Computer Engineering and 5 
yrs experience in job offered; or 
5 yrs related experience in 
designing, developing, imple- 
menting and managing complex 
OCR/ICR imaging, data entry 
workflow systems using imaging 
and forms processing software 
life Formware, Teleform, Read- 
soft, Infoimage, Recostar, Mitek, 
Pixtools, LeadTools, and Free- 
form technology. 40-hr work 
week. Please submit your resu- 
me to careers@srcp.com_and 
reference job code 621721 


CIENA Healthcare seeks IT 
managers, System Analysts/ 
software engineers to write soft- 
ware in C/C++, VB. Require at 
least BS in computer science 
with 1-6yr exp as programmer/ 
analyst using special tvols. 
Send resume to 4000 Town 
Center, Ste. 380, Southfield, MI 
48075. No calls. EOE 

In-Venture Soft is seeking IT 
consultants to design & develop 
applications for various projects. 
Applicants must have MS/BS(1- 
5exp) with solid background in 
Oracle, WebSphere, Java, EJB, 
ASP. We offer competitive wage 
with full benefit. Travel maybe 
required. Apply at resume@ 


Interactive 

Info. Systems Co. 
Send resume to 
Kelley Brun, NXTV, 
Inc., 5700 Canoga 
Avenue, Suite 150, 
Woodland Hills, CA 
91367. 


Computer Systems Analyst 
needed to analyze science, 
engineering, business and data 
processing problems for applica 
tion to various data processing 
and operating systems, includ- 
ing: Windows NT/2000, Unix, 
Linux, and Sun Solaris. Analyze 
customer requirements, proce- 
dures and problems to improve 
existing systems and review 
computer system capabilities, 
workflow and scheduling limita- 
tions. Send resumes to NET |Q, 
Attention: Recruiting, Park Tow- 
ers North, 1233 West Loop 
South, Suite 1800, Houston, 
Texas 77027. Put job code 
1002110-CSA-IM on resume 


Systems Analyst 
Analyze/review Client Server 
(VB,.NET Source Code, MS 
SQLServer, Access DB Schem- 
as) & Legacy Systems; perform 
BPR, integrate back-end sys 
Des Sys Arch, des & dev UML 
diagrams, capture reqrmnts (use: 
case approach), map data, confi 
Mercury Test Director, test 
appin, test for Sec 508 web 
stnds. Use of MSVisio, Java 
NET, and DB. MS in CS or 
equiv w/1 yr exp in job offered or 
as S/W Eng, req'd. Multiple posi- 
tions. Send res to DBTS,Inc., 
Attn: CW 10-SA, 1100 H St. NW. 
Ste. 600, Wash, DC 20005 


Sys Admin w/MS in Comp 
Sci or related field & min 2 
yrs exp wanted by 4U 
Services dba Stellar Ser- 
vices, NY, NY. Analyze net- 
work requirement for enter- 
prise environment. Design 
Windows AD, Exchange, 
SQL, AVAYA PSTN, & CIS- 
CO systems. Apply knowl- 
edge of security protocols & 
arch to security system; 
document sys config & 
upgrades. Fax resume to 
(212) 510-2602 


Programmer Analyst needed 
w/2 yrs to analyze, dsgn, dvip, 
test & document client server 
applic s/ware using Oracle 
d/base, Oracle Forms, PL/SQL, 
Oracle Reports, TOAD & 
Designer/2000. Maintain cus- 
tomizations in Oracle Appli- 
cations ERP (Enterprise Re- 
source Planning). Maintain ver- 
sioning of custom objects using 
Clearcase & migrate custom 
objects using Kintana. Mail 
resumes to: Optima Technology 
Partners, Inc. 9 Mount Pleasant 
Turnpike, Ste 103, Denville, NJ 
07834. Job loc: Denville, NJ or 
in any unanticipated locs in U.S 


Database Administrator: For 
Main Line Health, Berwyn, PA 
install, configure, recover & 
insure perf. Relational DB Mgmt 
Sys (RDBMS); analyze & doc, 
des & imp RDBMS structures; 
diagnose & resolve RDBMS out- 
ages & failures; assist in dev dis- 
aster plans, test meth & mig 
paths; doc configurations 
Req's: Bach or equiv based on 
educ &/or exp in Comp Sci or 
rel. field. 5 yrs exp in job offered 
or 5 yrs DBA exp. Exp must incl 
instal, recover & perform Oracle 
ion Unix & Prog on Unix. Prof in 
Oracle, PL/SQL, PeopleSoft 
HRMS admin incl. full upgrade 
cycle, Unix (HPUX) & Unix Shell 
Scripting. 40hirs/wk. Send res to: 
kozickiji@mihs.org 


Business/Functional Analyst 
Research, configure, gather 
business requirements, create 
functional specifications, Fi- 
nancials/SCM planning, & tes- 
ting applications during Peo- 
pleSoft upgrades & provide 
input on new tools & method- 
ology. Utilize People Tools 
8.45/PeopleSoft FSM 84 
ARIAP, Billing, GL, Expenses 
and Project costing. Req. B.S 
in Comp. Sci. or Engg. & 2 
yeras exp. Send resume to 
GTS! Corp., Attn: HR Dept - 
Grace, 3901 Stonecroft Bivd 
Chantilly, VA 20151 


Systems Engineer: Analyze, 
architect, develop, integrate, 
administer & support Net 
Install 5.7. Automation, Pack- 
aging, distribution, Ghost im- 
aging, Bug fixes, MS Patch 
management and VBS/Batch/ 
Python scripting. Netinstall 
5.7, Python, VB, OPENPBS, 
SQL Server 2000, Track-it 
inventory tool, C++. Req. B.S 
in Comp. Sci. or Engg. Send 
resume to H.R. Comprehen- 
sive Software Solutions, Inc. 
3767 Summer Kitchen Way, 
Lilburn, GA 30047 


Computers 


Digital Authentication Tech 
(Boca Raton, FL) seeks 
Project Manager/Hardware 
and Software Design, with 
M.S. in CS or EE + 4 years 
exper. Must have experience 
using Forth, Java or C++, 
Device Driver or Em-bedded 
Systems, Network and Wire- 
less Programming and other 
skills. Send resume to 
ppatsis@dathq.com with Proj 
Mgr/HSD in subject heading 
no calls. EOE 
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Project Lead w/Masters or for- 
eign equiv in Comp Sci or Engg 
or Math & 1 yr exp to analyze, 
dsgn, dvip & test s/ware applics, 
develop Data Ware houses & 
Datamart Applics. Dvip user 
friendly front end forms & gener- 
ate reports using GUI tools, C 
C++, SQL, PL/SQL & Oracle on 
HP-Unix, Sun Solaris & Sco- 
Unix platforms. Use SQL Navi- 
gator & TOAD to navigate to 
Oracle d/base. Perform s/ware’ 
dvipmt life-cycle process. Super- 
vise 2 Prgmrs. Mail res to: BCC 
USA, Inc., 43 Stouts Lane, Mon- 
mouth Junction, NJ 08852. Job 
Loc: Monmouth Junction, NJ or 
in unanticipated locations in US. 


SPECIALIST, COMPUTER AP- 
PLICATIONS - Position avail- 
able at Florida Atlantic Univer- 
sity, located in Boca Raton, FL 
Design, develop & customize 
apps. that interact with relation- 
al databases (SQL Server, 
Oracle, MS Access). We are 
seeking candidates with MS in 
MIS/CS + 1 yr exp. Req'd 1 yr 
adv programming exp (UNIX & 
Windows) developing data- 
based apps. 40 hr/wk, 8:00 am 
to 5:00 pm, M-F. Please send 
resumes to: Paul Wright, Direc- 
tor, UAS, IRM at FAU, 777 
Glades Road, Boca Raton, FL 
33431 
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the law. The work covered 116 
business processes and 75 IT 
applications throughout the 
media company, whose divi- 
sions include CBS Broadcast- 
ing Inc., MTV Networks Co. 
and Nickelodeon Networks. 
One of the best lessons Via- 
com executives learned 
and acted on during 
the process was to 
identify and test inter- 
nal controls centrally 
rather than hand the 
work off to each of a 
dozen business unit 
leaders, Frieser said. 
“We developed a lot 
of guidance centrally 
instead of having a lot 
of guesswork in each 
of the business units,” 
he said. “We weren’t 
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perfect in 2004, but we got 
more right than we got 
wrong.” 

Michael Hultberg, executive 
director at Time Warner Inc. 
in New York, said officials at 
the media giant discovered 
during the first round of Sec- 
tion 404 compliance efforts 
that “many of the key controls 
we'd identified actually 
weren't that key.” 

Time Warner spent 
a mind-numbing 
350,000 man-hours 
identifying, evaluat- 
ing and testing its 
financial and IT con- 
trols, but it discov- 
ered a higher propor- 
tion of IT control 
deficiencies in areas 
such as security and 
change management, 
he said. 

Looking back on 
Time Warner’s first- 


NEWS 


| year experience, Hult- 
berg recommended 
that companies assign 
dedicated staffers to 
handle the work. “It’s 
a heck of a lot cheaper 
than hiring [a third 
party],” he said. 


Centralized Units 
Unlike Viacom and 

Time Warner, whose 
businesses are highly 
decentralized, The 

Dow Chemical Co. 

has a centralized business 
model to support 165 manufac- 
turing sites in 37 countries. 

As a result, when the Mid- 
land, Mich.-based chemical 
manufacturer conducted some 
30,000 internal control tests 
last year to meet its Section 
404 requirements, they were 
all reviewed by each of the 
work process owners, fol- 
lowed by the company’s inter- 
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nal audit department, 
said Ron Edmonds, 
global accounting 
director. 

“We have to figure 
out how to make [Sec- 
tion 404 controls veri- 
fication] more effi- 
cient,” he said. “We 
don’t want to see any 
deficiencies, but with a 
company our size, 
we're going to have 
them.” Dow Chemical 
had $40 billion in rev- 


| enue last year. 


One of the biggest chal- 
lenges companies faced last 
year was trying to test thou- 
sands of internal controls 


| with manual testing proce- 


dures instead of automated 
IT tools, said Harald Will, 
president and CEO of ACL 
Services Ltd., a Vancouver, 
British Columbia-based ven- 
dor of software for financial 


executives. As a result, many 
internal audit teams “didn’t 
get to everything they should 
have,” said Will. 

Because Section 404-related 
work consumed so much time 
and resources, many compa- 
nies ended up placing a num- 
ber of strategic IT-business 
projects on the back burner 
to meet the Dec. 31 deadline, 
said John Hagerty, an analyst 


at Boston-based AMR Re- 


search Inc. 

And while some strategic 
projects are still being de- 
ferred, many companies have 
been channeling their IT 
spending into areas such as 
business intelligence in order 
to provide senior manage- 
ment with greater visibility 
into organizational perfor- 
mance and operations. “That’s 
where the battle is being 
fought right now,” Hagerty 
said. @ 57184 
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PalmOS 


mis use Treo 650s running 
Palm OS to access the compa- 
ny’s Exchange e-mail server 
and place voice calls through 
Good Technology Inc.’s Good- 
Link service. Hagen said 
GoodLink gives him all the 
functions that Microsoft and 
Palm are promising in the de- 
vice based on Windows Mo- 
bile. And he said he doesn’t 
expect Palm to back away 
from Palm OS. 


Pessimistic Outlook 

But Drew Mazeitis, manager 
of mobility at Ferrellgas Part- 
ners LP, a nationwide propane 
retailer in Liberty, Mo., said 
that Palm’s market share has 
been “eroding quickly.” With 
last week’s announcement, he 
said, “every day we are closer 
to the reality that [Palm OS 
is] dead.” 

Ferrellgas uses Windows 
Mobile to power 4,000 custom 
handhelds used by propane 
service workers and about 50 





Samsung Corp. flip phones for 
the company’s executives. “As 
much as you hate to feed the 
Microsoft machine, they con- 
tinue to improve their prod- 
ucts and integrate things and 
make it hard for you to not use 
their stuff,” Mazeitis said. 
Sunnyvale, Calif.-based Palm 
said the new Treo will be avail- 
able in the U.S. early 
next year and will 
initially work on 
Verizon Wireless’ 
cellular network. 
With Windows Mo- 
bile 5.0, users will 
be able to hook 
their Treos into 
Exchange servers 
and deploy appli- 
cations written 
for Windows on 
the phones, ac- 
cording to compa- 
ny officials. 
Following the 
announcement, 
Gartner Inc. issued 
a report recom- 
mending that cor- 
porate users “make 
no further invest- 


Windows Mobile will allow 
Treo users to deploy appli- 
cations written for Win- 
dows on their phones. 


ments in Palm OS Treos for 
enterprise applications.” The 
new device should enable 
Palm to compete more effec- 
tively against Research In Mo- 
tion Ltd.’s BlackBerry and the 
growing number of handhelds 
based on Windows Mobile 5.0, 
Gartner said in the report. 
Palm OS is developed by 
PalmSource Inc., a separate 
company that last month 
agreed to be acquired by 
Tokyo-based Ac- 
cess Co. 

Gartner ana- 
lyst Todd Kort 
said the latest 
version of the 
software, called 
Palm OS Cobalt, 
has been “a fias- 
co” since its re- 
lease last year. 
Cobalt hasn’t 
been adopted by 
major Palm li- 
censees because 
it “requires a 
fantastic amount 
of memory” to 
run properly, 
Kort said. 








Ed Colligan, Palm’s presi- 
dent and CEO, didn’t directly 
address the future of Palm OS 
within the hardware vendor’s 
devices during a press confer- 
ence. But he called the sup- 
port for Windows Mobile “an 
expansion” of Palm’s product 
line. “This is not about other 
things going away,” he said. 
“This is about growth.” 


Windows or Nothing 
Afterward, a spokeswoman for 
Palm noted that some corpo- 
rate users have told the ven- 
dor that they wouldn’t consid- 
er using Palm’s hardware “un- 
less it ran Windows.” 

Dale Frantz, CIO at Auto 
Warehousing Co. in Tacoma, 
Wash., currently supports 30 
Treo 650s that run Palm OS 
and are used by executives at 
the new-car processor. But 
Frantz said he will “immedi- 
ately” transition to the Win- 
dows Mobile device when it 
becomes available. 

A feature for pushing e-mail 
over the Verizon Wireless net- 
work to the existing Treos re- 
quires a user’s PC and Out- 





look client to remain on dur- 
ing the process, Frantz said, 
describing that approach as 
“extremely unreliable.” Be- 
cause his staff has spent many 
hours trying to address the 
problem, converting to Win- 
dows-based Treos “would 
very quickly reduce PC tech- 
support costs,” he said. 

Pete Salerno, a technologist 
in the strategic alliances group 
at signaling software vendor 
Ulticom Inc. in Mt. Laurel, 
NJ., said he thinks that Palm’s 
embrace of Windows Mobile 
“means the end of the Palm 
OS, regrettably.” Salerno, who 
said he was speaking for him- 
self and not Ulticom, added 
that he’s concerned about 
Microsoft’s long-term commit- 
ment to addressing security 
concerns. @ 57193 


Tom Krazit of the IDG News 
Service contributed to this story. 


MORE NEWS ONLINE 


Cingular plans to offer Research In Motion’s 
BlackBerry software on a Nokia handheld: 


QuickLink 57224 
www.computerworld.com 





Periodical postage paid at Framingham, Mass., and other mailing offices. Posted under Canadian International Publication agreement #40063800. CANADIAN POSTMASTER: Please return undeliverable copy to PO Box 1632, Windsor, Ontario N9A 7C9. Computerworld (ISSN 0010-4841) is published 
weekly: except a single combined issue for the last two weeks in December by Computerworld, Inc.. 1 Speen Street, Box 9171, Framingham, Mass. 01701-9171. Copyright 2004 by Computerworld Inc. Alll rights reserved. Computerworld can be purchased on microfilm and microfiche through University 
Microfilms inc., 300 N. Zeeb Road, Ann Arbor, Mich. 48106. Computerworld is indexed. Back issues, if available, may be purchased from the circulation department. Photocopy rights: permission to photocopy for internal or personal use is granted by Computerworld Inc. for libraries and other users reais. 


tered with the Copyright Clearance Center (CCC), provided that the base fee of $3 per copy of the article, plus 50 cents per page. is paid directly to Copyr 
mission to reprint may be purchased from Renee Smith, Computerworld Reprints. c/o Reprint Management Services, Greenfield Corporate Center, 180 

www reprintbuyer.com. E-mail: reprints®computerworld.com. Requests for missing issues will be honored only if received within 60 days of issue date. Subs 
$250 per year; Europe ~ $295 per year; all other countries - $295 per year. Subscriptions call toll-free (888) 559-7327. POSTMASTER: Send Form 3579 (Change of Address) to Computerworld, PO Box 3500, Northbrook, lil. 60065-3500. 


learance Center, 27 Congress St., Salem, Mass. 01970. Reprints (minimum 100 copies) and per 
at Village Lane, Lancaster, Pa., 17601, (717) 399-1900, Ext. 172. Fax: (717) 399-8900. Web site: 
tion rates: SS per copy: U.S. - $99.99 per year; Canada - $130 per year; Central & So. America 


@aPa ABM @y 





ry Fy 
ra a 
a 
Pi = a 
- hs : +4 
a a 5 Pm 





Se aT Ta aT Td Fe 
ml aL use * a | ae 


UNLIMITED 
BroadbandAccess 
now ata a of 


$ ; 9” monthly access 


Offer valid on 2-year Customer Agreement with qualifying voice pian 


Don’t be limited by Wi-Fi hotspots. 
Enjoy the freedom of Verizon Wireless BroadbandAccess, 
the nation’s largest high-speed wireless broadband network. 


Wi-Fi only works in limited locations, while BroadbandAccess works coast to coast in over 60 metropolitan areas, covering over 140 million Americans. 
And unlike Wi-Fi, BroadbandAccess has wide-area coverage and secure CDMA technology, so you have the freedom to work where it’s convenient for 
you. Connect to the Internet, company intranet, or email and download critical information and access business applications at average speeds between 
400-700 kbps. Now you can work when you want, in more places nationwide. And if you’re traveling internationally, we now have a global data card. 


Teamed Call our business reps at 1.800.VZW.4BiZ or go to verizonwireless.com. 


with 
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We never stop working for yous 
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So Long, Boomers 


OOD NEWS! IBM has a solution for your baby-boomer 

problem. You know, that one you’ve been losing sleep 

over: the fact that corporate employees born during 

the post-World War II baby boom will start hitting 60 

next year, and once they begin to retire, you'll lose all 
their knowledge and experience [QuickLink 57145]. 

Uh, you haven’t lost sleep over losing those boomers? And you 
don’t think you need IBM’s newly formed army of consultants, cul- 
tural anthropologists, researchers and social scientists? You figure 
your company will just do what it has always done — let those aging 
yuppies go and hire kids to replace them? 

Maybe you’ve got the right idea. But hold that thought. 


Actually, IBM’s new consulting angle isn’t 
completely useless. There likely will be plenty | 
of boomer attrition — eventually. But there are 
lots of boomers (everyone born in the U.S. be- 
tween 1946 and 1964). The worst of the exodus 
won't kick in until about 2015, when the peak of 
the boom passes age 65. There’s time. 

Then again, IBM knows that lots of CIOs and 
human resources VPs are baby boomers them- 
selves, already looking forward to retirement. 
And if IBM actually can, as advertised, run em- 
ployee data through its special software and 
come up with a who-to-hire workforce plan for 
around $100,000, it’s a pretty cheap service. So 
the timing makes sense, and the price isn’t bad. 

But Big Blue’s new service won’t buy your 
company what it truly needs. 

See, IBM may be able to figure out which 
business skills your company will lose when 
each boomer retires. That is, the generic skills. 
There’s no subtlety in an HR database. Maybe it 
contains employee résumés, certifications, even 
data on continuing education. But that’s all that 
can be mined from it. 

The really good stuff — special- 
ized knowledge of how your busi- 
ness really works — isn’t generic. It 
really is locked in the heads of long- 
time employees. And it’s in your in- 
terest to extract that understanding 
of your business processes before it 
leaves the building when those peo- 
ple retire. It'll be invaluable for every 


You'll need to identify key employees long 
before they leave. You'll have to put IT business 
analysts to work interviewing them, to pick the 
employees’ brains and then document how 
everything works — and why. 

Then you'll be able to slice and dice it. You 
can identify which of your company’s practices 
are industry-standard and which are unusual. 
You can decide what’s worth keeping and 
what’s junk. Then you can check back with the 
interviewed employees to see if there’s good 
reason not to dump a particular process or 
approach or peculiarity. 

Does all this nontechnical interviewing and 
analysis sound a little too IT-free? No, it’s not 
bytes and wires. It’s all business. And remem- 
ber, that’s what IT is about now: business. 

Think of it as a lot like collecting require- 
ments — only piecemeal, and with a broader 
scope than for any single project. If you plan 
ahead and pick the right employees, you can 
schedule your analysts when they have a little 
time to spare, to keep the cost to a minimum. 

On the other hand, the impact 
on IT’s ability to understand 
your business could be huge. 
This is your chance to get real 
visibility into your organization. 
And that could translate into 
faster and better IT response to 
business needs. 

But the window for that visibility 
won't be open forever. So get start- 


major IT project going forward. 

Can you extract it? Probably. But 
the time to start working on that ex- 
traction isn’t when boomers start 
easing out the door. 


FRANK HAYES, Computer- 
world’s senior news colum- 
nist, has covered IT for more 


than 20 years. Contact him at 
frank_hayes@computerworld.com. 


ed now to make it a reality. That 
way, when those boomers begin to 
retire, you can afford to let them 
go. You'll still have something to 
remember them by. @ 57174 
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Can You Hear Me Now? 


Sysadmin pilot fish is on a camping trip when he gets 
a cell phone call from a business user about a Web 
application that's having problems. Right, says fish, 
just have a computer operator go to the data center 
and call me, and I'll talk him through resetting the 
server. Half an hour later, fish’s phone rings. It’s the 
computer operator: “OK, I'm at the day care center. 
Frank said | should call you from here. What am | 
supposed to do from here to reset the server?” 


: the task bar, a very de- 
; tailed system tray, and 


: Like Lightning 

: “My laptop battery is dy- 
: ing! I don’t want to lose 
: this interview, but the 

: battery says it’s at 25%. 
: Will you please call me? 
? Oh great, now it’s at 

: 27%. Call me right 

: away!” Pilot fish knows 
: it's charging up, not run- 
: user to put her mind at 
: ease. “Oh, thanks for 

: calling,” says user, “but 
: it’s fixed itself - and the 


IT’S JUST LIKE MAGIC: You send me your true tale 

oi IT life at sharky@computerworid.com, and I'll 
send you a snazzy Shark shirt if | use it. And check out the 
daily feed, browse the Sharkives and sign up for Shark Tank 
home delivery at computerworld.com/sharky. 
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NO SET UP COSTS. 
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So Standard, It’s Hot-Pluggable 
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ORACLE 


oracle.com/middleware 
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